Thanks for the update, and I agree it sounds like there's not yet a good argument for an advisory. Maybe we need to include a warning somewhere (install docs? security guide?) that short-lived console access credentials can be leaked in hypervisor host logs, and to take appropriate precautions when granting access to those logs.
As for the websockify leak, is there a corresponding bug opened upstream with its maintainers?
Thanks for the update, and I agree it sounds like there's not yet a good argument for an advisory. Maybe we need to include a warning somewhere (install docs? security guide?) that short-lived console access credentials can be leaked in hypervisor host logs, and to take appropriate precautions when granting access to those logs.
As for the websockify leak, is there a corresponding bug opened upstream with its maintainers?