Description of problem:
There are multiple components that show plain-text passwords in /var/log/messages during openstack overcloud update run.

{'command': ['/bin/bash', '-c', "/usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret '3E4DB0C9-EA6B-4A8E-B3E1-FF8D5B3D2643' --base64 'SGVsbG8gdGhlcmUgOi0pCg=='"]

/usr/bin/redis-cli -s /var/run/redis/redis.sock -a <password> info

mysql --defaults-extra-file=/etc/my.cnf -nNE --connect-timeout=10 --user=clustercheck --password=<password> --host=localhost --port=3306 -e SHOW STATUS LIKE 'wsrep_local_state';

mysql -nNE --user=clustercheck --password=<password> -h localhost -e show status like 'wsrep_cluster_status';

Version-Release number of selected component (if applicable):
RHOSP16.2

How reproducible:
openstack overcloud update run
And check /var/log/messages

Actual results:
Passwords are visible in /var/log/messages

Expected results:
The passwords should be redacted or hidden otherwise.

Additional info:

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-3261
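
A log check for the three command shapes quoted in the description, as an added example that is not part of the bug report or of any product fix. The syslog lines, hostname and secret values are constructed, and the patterns cover only these three shapes.

```python
import re

# A secret value as it appears on a command line: quoted or a bare token.
VALUE = r"""('[^']*'|"[^"]*"|\S+)"""

# One pattern per command shape quoted in the report; group 1 is kept, group 2 masked.
PATTERNS = [
    ("mysql --password=", re.compile(r"(--password=)" + VALUE)),
    ("redis-cli -a", re.compile(r"(redis-cli\b.*?\s-a\s+)" + VALUE)),
    ("virsh --base64", re.compile(r"(secret-set-value\b.*?--base64\s+)" + VALUE)),
]
MASK = "<redacted>"

def redact(line):
    """Return (line with secrets masked, labels of the patterns that matched)."""
    hits = []
    for label, rx in PATTERNS:
        line, count = rx.subn(lambda m: m.group(1) + MASK, line)
        if count:
            hits.append(label)
    return line, hits

def scan(lines):
    """Return [(line_number, labels, masked_line)] for lines that exposed a secret."""
    findings = []
    for number, line in enumerate(lines, 1):
        masked, hits = redact(line)
        if hits:
            findings.append((number, hits, masked))
    return findings

# Constructed syslog lines (hostname, tags and secret values are made up).
SAMPLE = [
    "Nov  1 10:00:00 ctrl-0 ansible: mysql -nNE --user=clustercheck "
    "--password=CONSTRUCTED_pw1 -h localhost -e show status like 'wsrep_cluster_status';",
    "Nov  1 10:00:01 ctrl-0 ansible: /usr/bin/redis-cli -s /var/run/redis/redis.sock "
    "-a CONSTRUCTED_pw2 info",
    "Nov  1 10:00:02 ctrl-0 ansible: {'command': ['/bin/bash', '-c', \"/usr/bin/virsh "
    "secret-set-value --secret 'CONSTRUCTED-UUID' --base64 'Y29uc3RydWN0ZWQ='\"]",
    "Nov  1 10:00:03 ctrl-0 systemd: Started Session 12 of user root.",
]

if __name__ == "__main__":
    for number, hits, masked in scan(SAMPLE):
        print(f"line {number}: {', '.join(hits)}\n  {masked}")
```

Any hit in a real /var/log/messages means the credential has already been written to disk and to whatever forwards the log, so a finding calls for rotating the secret as well as masking the line.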