Bug 1758665 - Passwords stored in variables(extra_vars) are visible in clear text in the Appliance evm.log
Summary: Passwords stored in variables(extra_vars) are visible in clear text in the Ap...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.10.6
Hardware: x86_64
OS: Linux
high
high
Target Milestone: GA
: 5.10.12
Assignee: Nick LaMuro
QA Contact: Satyajit Bulage
Red Hat CloudForms Documentation
URL:
Whiteboard:
Depends On: 1752033
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-10-04 19:07 UTC by Satoe Imaishi
Modified: 2023-03-24 15:36 UTC (History)
7 users (show)

Fixed In Version: 5.10.12.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1752033
Environment:
Last Closed: 2019-11-06 08:58:33 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Comment 2 CFME Bot 2019-10-04 19:20:32 UTC 
New commit detected on ManageIQ/manageiq/hammer:

https://github.com/ManageIQ/manageiq/commit/7546df45e83b28be3b48beedb555798076180854
commit 7546df45e83b28be3b48beedb555798076180854
Author:     Jason Frey <jfrey>
AuthorDate: Tue Sep 17 17:46:44 2019 -0400
Commit:     Jason Frey <jfrey>
CommitDate: Tue Sep 17 17:46:44 2019 -0400

    Merge pull request #19299 from lfu/clean_up_message_1752033

    Remove unnecessary log message.

    (cherry picked from commit 73856f743fd80cb36825be570075b2f4a3eea4c5)

    https://bugzilla.redhat.com/show_bug.cgi?id=1758665

 app/models/miq_event.rb | 1 -
 1 file changed, 1 deletion(-)
Comment 3 CFME Bot 2019-10-04 19:22:56 UTC 
New commit detected on ManageIQ/manageiq-automation_engine/hammer:

https://github.com/ManageIQ/manageiq-automation_engine/commit/58be3f101dc4bad432f4069821577ae0ef5ea336
commit 58be3f101dc4bad432f4069821577ae0ef5ea336
Author:     Greg McCullough <gmccullo>
AuthorDate: Wed Sep 18 16:12:35 2019 -0400
Commit:     Greg McCullough <gmccullo>
CommitDate: Wed Sep 18 16:12:35 2019 -0400

    Merge pull request #371 from lfu/clean_up_message_1752033

    Mask the password value in logs.

    (cherry picked from commit 4be2d0a9edf5d5bf9cb7c91a72aa0f36f0c4b2ef)

    https://bugzilla.redhat.com/show_bug.cgi?id=1758665

 lib/miq_automation_engine/engine/miq_ae_engine.rb | 4 +-
 1 file changed, 2 insertions(+), 2 deletions(-)
Comment 4 Satoe Imaishi 2019-10-04 19:24:02 UTC 
https://github.com/ManageIQ/manageiq-providers-ansible_tower/pull/194
Comment 6 Satyajit Bulage 2019-10-11 17:03:07 UTC 
Verified Version: 5.10.12.0.20191007204014_0d55c84
Comment 8 errata-xmlrpc 2019-11-06 08:58:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:3268
Note You need to log in before you can comment on or make changes to this bug.