nova log expose password when swapvolume

Bug #1761054 reported by jichenjc on 2018-04-04
This bug affects 2 people
Affects: OpenStack Compute (nova); Importance: Undecided; Assigned to: jichenjc
Affects: OpenStack Security Advisory; Importance: Undecided; Assigned to: Unassigned

Bug Description

jichenjc (jichenjc) on 2018-04-04
Changed in nova:
assignee: nobody → jichenjc (jichenjc)
tags: added: security

Fix proposed to branch: master
Review: https://review.openstack.org/558694

Changed in nova:
status: New → In Progress

Reviewed: https://review.openstack.org/558694
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=1b61d6c08c7c86834acab45320230824b88d529c
Submitter: Zuul
Branch: master

commit 1b61d6c08c7c86834acab45320230824b88d529c
Author: jichenjc <email address hidden>
Date: Wed Apr 4 13:26:01 2018 +0800

    Avoid showing password in log

    per bug indicated, the password is shown in the log.

    https://github.com/openstack/oslo.utils/blob/master/oslo_utils/strutils.py#L295
    indicated auth_password can be masked through mask_password method.

    Change-Id: I725eea1866642b40cc6b065ed0e8aefb91ca2889
    Closes-Bug: 1761054
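
The approach the commit message describes, masking `auth_password` before the value reaches a DEBUG log line, as an added example that is not part of the commit, of nova, or of oslo.utils. The masking helper is a stand-in written for this example, and the connection-info layout, logger name and the extra key names are assumptions.

```python
import io
import logging

# Key names treated as secret. "auth_password" is the key named on this page;
# the others are assumptions added for illustration.
SENSITIVE_KEYS = {"auth_password", "password", "secret"}
MASK = "***"


def mask_secrets(obj):
    """Return a copy of obj with the values of sensitive keys replaced by MASK."""
    if isinstance(obj, dict):
        return {k: MASK if k in SENSITIVE_KEYS else mask_secrets(v)
                for k, v in obj.items()}
    if isinstance(obj, (list, tuple)):
        return type(obj)(mask_secrets(v) for v in obj)
    return obj


def render_swap_debug(new_cinfo, old_cinfo, mask=True):
    """Emit one DEBUG line for a volume swap and return the text written."""
    buf = io.StringIO()
    log = logging.getLogger("swap_demo")  # hypothetical logger name
    handler = logging.StreamHandler(buf)
    log.addHandler(handler)
    log.setLevel(logging.DEBUG)
    log.propagate = False
    try:
        if mask:
            # Mask copies so the caller's dicts keep the real credential.
            new_cinfo, old_cinfo = mask_secrets(new_cinfo), mask_secrets(old_cinfo)
        log.debug("swap volume: new: %s; old: %s", new_cinfo, old_cinfo)
    finally:
        log.removeHandler(handler)
    return buf.getvalue()


# Constructed sample connection info (not taken from a real deployment).
OLD = {"driver_volume_type": "iscsi",
       "data": {"auth_method": "CHAP", "auth_username": "demo",
                "auth_password": "constructed-old-pw"}}
NEW = {"driver_volume_type": "iscsi",
       "data": {"auth_method": "CHAP", "auth_username": "demo",
                "auth_password": "constructed-new-pw"}}

if __name__ == "__main__":
    print(render_swap_debug(NEW, OLD, mask=False), end="")  # password visible
    print(render_swap_debug(NEW, OLD, mask=True), end="")   # password masked
```
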

Changed in nova:
status: In Progress → Fix Released

Jeremy Stanley (fungi) on 2018-04-17
Changed in ossa:
status: New → Won't Fix

Jeremy Stanley (fungi) wrote :

Adding a "won't fix" state for security advisory publication, as the vulnerability management team considers information leaks in DEBUG level logs as "a vulnerability in experimental or debugging features not intended for production use" (class B3 in the report taxonomy): https://security.openstack.org/vmt-process.html#incident-report-taxonomy

Reviewed: https://review.openstack.org/559603
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=df90dfd5cdf76c65b8d8a539d79e384c82c8428c
Submitter: Zuul
Branch: stable/queens

commit df90dfd5cdf76c65b8d8a539d79e384c82c8428c
Author: jichenjc <email address hidden>
Date: Wed Apr 4 13:26:01 2018 +0800

    Avoid showing password in log

    per bug indicated, the password is shown in the log.

    https://github.com/openstack/oslo.utils/blob/master/oslo_utils/strutils.py#L295
    indicated auth_password can be masked through mask_password method.

    Change-Id: I725eea1866642b40cc6b065ed0e8aefb91ca2889
    Closes-Bug: 1761054
    (cherry picked from commit 1b61d6c08c7c86834acab45320230824b88d529c)

tags: added: in-stable-queens

This issue was fixed in the openstack/nova 18.0.0.0b1 development milestone.

This issue was fixed in the openstack/nova 17.0.3 release.

Reviewed: https://review.openstack.org/561850
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=978066fe31a5331f143a05e1fd753c729b2dcf09
Submitter: Zuul
Branch: stable/pike

commit 978066fe31a5331f143a05e1fd753c729b2dcf09
Author: jichenjc <email address hidden>
Date: Wed Apr 4 13:26:01 2018 +0800

    Avoid showing password in log

    per bug indicated, the password is shown in the log.

    https://github.com/openstack/oslo.utils/blob/master/oslo_utils/strutils.py#L295
    indicated auth_password can be masked through mask_password method.

    Conflicts:
            nova/compute/manager.py

    NOTE(lyarwood): Conflicts caused by Ica323b87fa85a454fca9d46ada3677f18fe50022
    and Ifc01dbf98545104c998ab96f65ff8623a6db0f28 not being present in Pike.
    Additionally If12e7860baad2899380f06144a0270784a5466b8 was not present
    in Queens but landed in Pike and Ocata as a stable only change.

    Change-Id: I725eea1866642b40cc6b065ed0e8aefb91ca2889
    Closes-Bug: 1761054
    (cherry picked from commit 1b61d6c08c7c86834acab45320230824b88d529c)
    (cherry picked from commit df90dfd5cdf76c65b8d8a539d79e384c82c8428c)

tags: added: in-stable-pike

Reviewed: https://review.openstack.org/561851
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=c17516f3999447ad0d4ec7ecd8f223f6468b693a
Submitter: Zuul
Branch: stable/ocata

commit c17516f3999447ad0d4ec7ecd8f223f6468b693a
Author: jichenjc <email address hidden>
Date: Wed Apr 4 13:26:01 2018 +0800

    Avoid showing password in log

    per bug indicated, the password is shown in the log.

    https://github.com/openstack/oslo.utils/blob/master/oslo_utils/strutils.py#L295
    indicated auth_password can be masked through mask_password method.

    Conflicts:
            nova/compute/manager.py

    NOTE(lyarwood): Conflicts caused by Ica323b87fa85a454fca9d46ada3677f18fe50022
    and Ifc01dbf98545104c998ab96f65ff8623a6db0f28 not being present in Pike.
    Additionally If12e7860baad2899380f06144a0270784a5466b8 was not present
    in Queens but landed in Pike and Ocata as a stable only change.

    Change-Id: I725eea1866642b40cc6b065ed0e8aefb91ca2889
    Closes-Bug: 1761054
    (cherry picked from commit 1b61d6c08c7c86834acab45320230824b88d529c)
    (cherry picked from commit df90dfd5cdf76c65b8d8a539d79e384c82c8428c)
    (cherry picked from commit 978066fe31a5331f143a05e1fd753c729b2dcf09)

tags: added: in-stable-ocata

This issue was fixed in the openstack/nova 15.1.3 release.

This issue was fixed in the openstack/nova 16.1.5 release.
