Comment 11 for bug 1343604

Tristan Cacqueray (tristan-cacqueray) wrote : Re: Exceptions thrown, and messages logged by execute() may include passwords

After looking more closely at the affected projects' usage, it's not as broad as it first sounded. Either the service does not log the exception/mask_password, or the vulnerable code is used without any password/sensitive data on the command line.

Yet here is a more concrete list of vulnerable code:

execute: [stable/havana]:
 * cinder (cinder/brick/iscsi/iscsi.py:414),
 * nova (no clear vulnerable usage, yet the exception is re-implemented in tools/esx/guest_tool.py and nova/virt/powervm/operator.py:213 is logging the exception)

mask_password: [stable/icehouse]:
 * trove (trove/extensions/mysql/service.py:85)
execute: [stable/icehouse]:
 * cinder (cinder/zonemanager/drivers/brocade/brcd_fc_zone_client_cli.py:331),
 * nova (unclear),
 * trove (unclear)

mask_password: [master]:
 * trove (trove/instance/service.py:181)
execute: [master]:
 * cinder (cinder/zonemanager/drivers/brocade/brcd_fc_zone_client_cli.py:336),
 * trove (trove/guestagent/strategies/restore/couchbase_impl.py:193)

@trove-coresec and @cinder-coresec: Can you please confirm the impacted code?

@nova-coresec: Can you please double-check the Nova codebase for those vulnerabilities?