ironic password config not marked as secret
Bug #1451931 reported by
Joe Gordon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Joe Gordon | ||
Juno |
Fix Released
|
Undecided
|
Michael McCune | ||
Kilo |
Fix Released
|
Undecided
|
Michael McCune | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
OpenStack Security Notes |
Fix Released
|
Undecided
|
Michael McCune |
Bug Description
The ironic config option for the password and auth token are not marked as secret so the values will get logged during startup in debug mode.
information type: | Public → Public Security |
tags: | added: kilo-backport-potential |
Changed in nova: | |
status: | New → Triaged |
assignee: | nobody → Joe Gordon (jogo) |
importance: | Undecided → Medium |
Changed in nova: | |
status: | Triaged → In Progress |
Changed in ossn: | |
assignee: | nobody → Michael McCune (mimccune) |
Changed in nova: | |
milestone: | none → liberty-1 |
status: | Fix Committed → Fix Released |
Changed in ossn: | |
status: | New → Fix Committed |
Changed in nova: | |
milestone: | liberty-1 → 12.0.0 |
To post a comment you must log in.
In the past, the VMT has not considered info leaks in debug logs to warrant an advisory. Reclassifying as security hardening.