IPA displays IPMI credentials in DEBUG logs during cleaning
Bug #1744836 reported by
Tony Breeds
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ironic |
Fix Released
|
High
|
Dmitry Tantsur | ||
Ocata |
Fix Released
|
High
|
Dmitry Tantsur | ||
Pike |
Fix Released
|
High
|
Dmitry Tantsur | ||
Queens |
Fix Released
|
High
|
Dmitry Tantsur |
Bug Description
While looking at an unrelated bug I noticed that IPA when run at debug level will display in the clear IPMI (and probably other drivers) details. If the logs are fed into logstash or similar this disclosure can result in a user being able to disrupt baremetal nodes.
This is similar to https:/
Changed in ironic: | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Dmitry Tantsur (divius) |
information type: | Private Security → Public Security |
summary: |
- IPA displays IPMI credentials + IPA displays IPMI credentials in DEBUG logs during cleaning |
To post a comment you must log in.
The draft master patch attached, please review. I did not test it yet, as I don't have an environment ready for cleaning. Tony, do you think you could test it for me?