Bug 1767789 - Passwords stored in variables(extra_vars) are visible in clear text in the Appliance evm.log
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.10.6
Hardware: x86_64
OS: Linux
Priority: high
Severity: high
Target Milestone: GA
Target Release: 5.11.1
Assignee: Nick LaMuro
QA Contact: Jaroslav Henner
Docs Contact: Red Hat CloudForms Documentation
Depends On: 1752033
Reported: 2019-11-01 12:31 UTC by Satoe Imaishi
Modified: 2023-03-24 15:52 UTC

Fixed In Version: 5.11.1.0
Doc Type: If docs needed, set a value
Clone Of: 1752033
Last Closed: 2019-12-13 00:35:40 UTC
Category: ---
Cloudforms Team: CFME Core
simaishi: cfme-5.11.z+

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:4201 0 None None None 2019-12-13 00:35:48 UTC

Comment 2 CFME Bot 2019-11-01 19:32:46 UTC
New commit detected on ManageIQ/manageiq/ivanchuk:

https://github.com/ManageIQ/manageiq/commit/2a85d99f93c0428b63a1b5dd72f4db14bb369317
commit 2a85d99f93c0428b63a1b5dd72f4db14bb369317
Author:     Jason Frey <jfrey>
AuthorDate: Tue Sep 17 17:46:44 2019 -0400
Commit:     Jason Frey <jfrey>
CommitDate: Tue Sep 17 17:46:44 2019 -0400

    Merge pull request #19299 from lfu/clean_up_message_1752033

    Remove unnecessary log message.

    (cherry picked from commit 73856f743fd80cb36825be570075b2f4a3eea4c5)

    https://bugzilla.redhat.com/show_bug.cgi?id=1767789

 app/models/miq_event.rb | 1 -
 1 file changed, 1 deletion(-)

Comment 3 CFME Bot 2019-11-01 19:44:27 UTC
New commit detected on ManageIQ/manageiq-automation_engine/ivanchuk:

https://github.com/ManageIQ/manageiq-automation_engine/commit/2192b305ceed4985a1350b0a9301f127395a8179
commit 2192b305ceed4985a1350b0a9301f127395a8179
Author:     Greg McCullough <gmccullo>
AuthorDate: Wed Sep 18 16:12:35 2019 -0400
Commit:     Greg McCullough <gmccullo>
CommitDate: Wed Sep 18 16:12:35 2019 -0400

    Merge pull request #371 from lfu/clean_up_message_1752033

    Mask the password value in logs.

    (cherry picked from commit 4be2d0a9edf5d5bf9cb7c91a72aa0f36f0c4b2ef)

    https://bugzilla.redhat.com/show_bug.cgi?id=1767789

 lib/miq_automation_engine/engine/miq_ae_engine.rb | 4 +-
 1 file changed, 2 insertions(+), 2 deletions(-)

Comment 4 CFME Bot 2019-11-01 19:44:35 UTC
New commit detected on ManageIQ/manageiq-providers-ansible_tower/ivanchuk:

https://github.com/ManageIQ/manageiq-providers-ansible_tower/commit/4145843d9c92ad1f2fe90e27128cf44e7a5a882b
commit 4145843d9c92ad1f2fe90e27128cf44e7a5a882b
Author:     Nick LaMuro <nicklamuro>
AuthorDate: Tue Sep 24 12:32:30 2019 -0400
Commit:     Nick LaMuro <nicklamuro>
CommitDate: Tue Sep 24 12:32:30 2019 -0400

    [ivanchuk][event_parser.rb] Filter out extra_vars data

    Since we can't be sure if there is sensitive data in there, it is better
    to just filter this out in the logs.  Hopefully this data isn't being
    used anywhere when parsing `job_create` events...

    This is the `ivanchuk` backport of the following PR:

    https://github.com/ManageIQ/manageiq-providers-ansible_tower/pull/193

    With the proper code changes done the first time...

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1767789

 app/models/manageiq/providers/ansible_tower/shared/automation_manager/event_parser.rb | 8 +-
 1 file changed, 7 insertions(+), 1 deletion(-)

Comment 15 Satyajit Bulage 2019-12-03 17:35:31 UTC
Verified Version: 5.11.1.1.20191122174937_707df01

Comment 17 errata-xmlrpc 2019-12-13 00:35:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:4201