service-rabbitmq logs password in cleartext

Bug #1865840 reported by Radosław Piliszek
This bug affects 1 person
Affects        Status        Importance  Assigned to        Milestone
kolla-ansible  Fix Released  High        Radosław Piliszek
Train          Fix Released  High        Radosław Piliszek
Ussuri         Fix Released  High        Radosław Piliszek

Bug Description

service-rabbitmq logs password in cleartext

Tags: security
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/710922

Changed in kolla-ansible:
status: Triaged → In Progress
Mark Goddard (mgoddard) wrote :

Would be good to provide an example of leakage for reference.

Radosław Piliszek (yoctozepto) wrote :

Ack, special for you. Ara example output (CI):

https://03319cc15cd4fcfb2a78-9347d83a8fe43a1fb2bb874d5a705361.ssl.cf5.rackcdn.com/706616/7/check/kolla-ansible-centos-source/4988719/primary/ara-report/ara-html/ (link will expire)

Item

{
    "password": "eONx3MvGdF7cuKflJ9s42GzuEQyyRCFLgTIX6Rfv",
    "user": "openstack",
    "vhost": "/"
}

Analogously when running in verbose mode.

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to kolla-ansible (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/710969

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/710922
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=b1a4d8848af581388e0620d967c0ca36b000bf10
Submitter: Zuul
Branch: master

commit b1a4d8848af581388e0620d967c0ca36b000bf10
Author: Radosław Piliszek <email address hidden>
Date: Tue Mar 3 09:18:39 2020 +0100

    service-rabbitmq: do not log password (use no_log)

    Change-Id: I68a40bebc174e8ebdaea36a0689b34cadb9009d2
    Closes-bug: #1865840

Changed in kolla-ansible:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/710990

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/train)

Reviewed: https://review.opendev.org/710990
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=071033fd442f1ead3dfd17ae716d0d9916290aca
Submitter: Zuul
Branch: stable/train

commit 071033fd442f1ead3dfd17ae716d0d9916290aca
Author: Radosław Piliszek <email address hidden>
Date: Tue Mar 3 09:18:39 2020 +0100

    service-rabbitmq: do not log password (use no_log)

    Change-Id: I68a40bebc174e8ebdaea36a0689b34cadb9009d2
    Closes-bug: #1865840
    (cherry picked from commit b1a4d8848af581388e0620d967c0ca36b000bf10)
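
Added example, not part of the bug thread and not the kolla-ansible role itself: a hypothetical play showing how a looped task exposes an item like the one quoted above, next to the same task with no_log set. It assumes the community.rabbitmq collection is installed; the host group, the rabbitmq_users variable and vault_rabbitmq_password are made-up names.

```yaml
# Hypothetical play (constructed for illustration).
- hosts: rabbitmq            # assumed inventory group
  gather_facts: false
  vars:
    rabbitmq_users:          # assumed variable; the secret comes from a vaulted var
      - user: openstack
        password: "{{ vault_rabbitmq_password }}"
        vhost: /
  tasks:
    # Before: Ansible attaches the whole loop item to each per-item result,
    # so the password appears in the default callback output, in verbose
    # runs and in anything that records results, such as an ARA report.
    - name: Ensure RabbitMQ users exist (item is logged)
      community.rabbitmq.rabbitmq_user:
        user: "{{ item.user }}"
        password: "{{ item.password }}"
        vhost: "{{ item.vhost }}"
        configure_priv: ".*"
        read_priv: ".*"
        write_priv: ".*"
        state: present
      loop: "{{ rabbitmq_users }}"

    # After: no_log censors the item and the module result for this task.
    # loop_control.label alone is not enough: it only shortens what the
    # console shows per item, the full item stays in the recorded result.
    - name: Ensure RabbitMQ users exist
      community.rabbitmq.rabbitmq_user:
        user: "{{ item.user }}"
        password: "{{ item.password }}"
        vhost: "{{ item.vhost }}"
        configure_priv: ".*"
        read_priv: ".*"
        write_priv: ".*"
        state: present
      loop: "{{ rabbitmq_users }}"
      no_log: true
```

A password that already reached CI logs or a stored report stays there after the task is fixed, so rotate it in addition to adding no_log.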

This report contains Public information  
Everyone can see this information.
