Bug 1451046 - Queued item containing secrets is being dumped in plain-text in evm.log
Summary: Queued item containing secrets is being dumped in plain-text in evm.log
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: GA
: 5.8.0
Assignee: James Wong
QA Contact: Pavol Kotvan
URL:
Whiteboard:
Depends On: 1450183
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-05-15 15:58 UTC by Satoe Imaishi
Modified: 2017-05-31 15:12 UTC (History)
5 users (show)

Fixed In Version: 5.8.0.15
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1450183
Environment:
Last Closed: 2017-05-31 15:12:44 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:1367 normal SHIPPED_LIVE Moderate: CFME 5.8.0 security, bug, and enhancement update 2017-05-31 18:16:03 UTC

Comment 2 CFME Bot 2017-05-15 16:01:08 UTC
New commit detected on ManageIQ/manageiq/fine:
https://github.com/ManageIQ/manageiq/commit/2d84cdb4a1783367da737f66f420cbd783825508

commit 2d84cdb4a1783367da737f66f420cbd783825508
Author:     Greg Blomquist <blomquisg@gmail.com>
AuthorDate: Mon May 15 11:42:37 2017 -0400
Commit:     Satoe Imaishi <simaishi@redhat.com>
CommitDate: Mon May 15 11:59:35 2017 -0400

    Merge pull request #15084 from jameswnl/encrypt
    
    Encrypt secrets before enqueue Tower CU operations
    (cherry picked from commit 601f965e89cdef4c46fdcb0db1827f709002ddb7)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1451046

 .../ansible_tower/shared/automation_manager/credential.rb      |  8 +++++---
 .../ansible_tower/shared/automation_manager/tower_api.rb       |  8 ++++++--
 lib/vmdb/settings/walker.rb                                    |  2 +-
 spec/support/ansible_shared/automation_manager/credential.rb   | 10 ++++++++--
 4 files changed, 20 insertions(+), 8 deletions(-)

Comment 5 errata-xmlrpc 2017-05-31 15:12:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1367


Note You need to log in before you can comment on or make changes to this bug.