Cinder logs rabbitmq password on connection log
Bug #1750074 reported by
Marga Millet
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Undecided
|
Marga Millet | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
OpenStack Shared File Systems Service (Manila) |
Fix Released
|
Critical
|
Dustin Schoenbrun |
Bug Description
Cinder may log rabbitmq password on connection when DEBUG is on.
Example on cinder-
(Password has been replaced with XXX)
2018-02-05 19:21:52.721 35 DEBUG cinder.service [req-a2dbe0dd-
In a production environment, this is pretty bad.
Changed in cinder: | |
assignee: | nobody → Marga Millet (millet) |
Changed in manila: | |
assignee: | nobody → Dustin Schoenbrun (dschoenb) |
Changed in manila: | |
importance: | Undecided → Critical |
information type: | Public → Public Security |
To post a comment you must log in.
This applies to all releases.