2302697 – [GSS] noobaa-operator logs expose aws secret

Bug 2302697 - [GSS] noobaa-operator logs expose aws secret

Summary: [GSS] noobaa-operator logs expose aws secret

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenShift Data Foundation
Classification:	Red Hat Storage
Component:	Multi-Cloud Object Gateway
Sub Component:
Version:	4.12
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	ODF 4.15.7
Assignee:	Liran Mauda
QA Contact:	Mahesh Shetty
Docs Contact:
URL:
Whiteboard:
Depends On:	2277186
Blocks:
TreeView+	depends on / blocked

Reported:	2024-08-04 06:19 UTC by Liran Mauda
Modified:	2024-10-01 07:19 UTC (History)
CC List:	7 users (show)
Fixed In Version:	4.15.7-1
Doc Type:	If docs needed, set a value
Doc Text:	Previously, the noobaa-operator logs exposed the AWS secret as plain text, which caused a potential risk that anyone with logs could access the buckets. With this fix, noobaa-operator logs no longer expose AWS secrets.
Clone Of:	2277186
Environment:
Last Closed:	2024-10-01 07:19:38 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	noobaa noobaa-operator pull 1353	None	Merged	Fix printing of Identity	2024-08-04 06:19:32 UTC
Github	noobaa noobaa-operator pull 1429	None	Merged	[Backport into 5.15] Backport fixes	2024-09-10 07:46:34 UTC
Red Hat Issue Tracker	OCSBZM-8944	None	None	None	2024-09-04 09:54:55 UTC
Red Hat Product Errata	RHBA-2024:7440	None	None	None	2024-10-01 07:19:40 UTC

Description Liran Mauda 2024-08-04 06:19:32 UTC

+++ This bug was initially created as a clone of Bug #2277186 +++

Comment 3 Sunil Kumar Acharya 2024-09-05 19:21:00 UTC

Please backport the fix to ODF-4.15 and update the RDT flag/text appropriately.

Comment 10 errata-xmlrpc 2024-10-01 07:19:38 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenShift Data Foundation 4.15.7 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:7440

Note You need to log in before you can comment on or make changes to this bug.