swiftclient discloses token in debug logs
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Security Notes | Fix Released | Undecided | N Dillon |
python-swiftclient | Fix Released | Undecided | Unassigned |
Bug Description
Setup: Juno. Nova, Glance + swiftclient.
glance-api.conf (important parts):

```ini
[DEFAULT]
debug = true
logging_
logging_
logging_
logging_
default_store = swift
use_syslog = True
syslog_log_facility = LOG_LOCAL2
swift_store_
swift_store_user = tenant:user
swift_store_key = sexgodqwerty123
```
Result in remote syslog:

```text
DEBUG REQ: curl -i https:/
```
Versions:

```text
ii python-swift 2.2.0-0ubuntu1~
ii python-swiftclient 1:2.3.0-
ii glance-api 1:2014.
ii glance-common 1:2014.2.3-ownbuild all OpenStack Image Registry and Delivery Service - Common
ii python-glance 1:2014.
ii python-glance-store 0.1.8-1ubuntu2~
ii python-glanceclient 1:0.14.
```
Impact:
1) An unprivileged employee with access to the logging facility may get access to Glance images, including the tenants' snapshots.
2) Syslog is transmitted unencrypted over UDP or TCP and may be viewed by an unauthorized person.
Expected behavior:
Complete or partial token masking in logs, e.g.:

```text
DEBUG REQ: curl -i https:/
```
no longer affects: glance
Changed in ossn:
assignee: nobody → N Dillon (sicarie)
Changed in ossn:
status: New → In Progress
DEBUG log leaks are not considered a vulnerability and this doesn't warrant a private bug status. Thus I'm marking this bug as public security. Thanks.