@slicknik Can you confirm trove/icehouse is not impacted? This may leak the password if the request does not encapsulate the password with '"':
https://github.com/openstack/trove/blob/stable/icehouse/trove/extensions/mysql/service.py#L85
e.g.,
>>> mask_password("requests.... password=SECRET")
u'requests.... password=SECRET'

@cinder-coresec: Can you check how an execution error in this call will get handled?
https://github.com/openstack/cinder/blob/stable/havana/cinder/brick/iscsi/iscsi.py#L419
e.g., if the exception is logged it might leak the password to logs (either because the password is not encapsulated with '"', or because mask_password is not called)

@Tracy Jones: Can you explain why you added the "compute" tag? I double-checked the nova source code and couldn't find a clear code path that would leak a password by logging a ProcessExecutionError exception.
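
The gap raised in the comment above (a masker that only recognises quoted secrets lets `password=SECRET` through unchanged), shown as an added example that is not part of the original comment and is not OpenStack's code. The regexes, the key list and the function names `mask_quoted_only` and `mask_all` are assumptions made for illustration.

```python
import re

# Hypothetical key list and patterns, constructed for this example only.
_KEY = r"(?:admin_pass|password|passwd)"

# Matches key="value" / key: 'value' / "key": "value" (secret wrapped in quotes).
_QUOTED = re.compile(r"""(%s["']?\s*[=:]\s*)(["'])(.*?)\2""" % _KEY, re.I)

# Matches key=value where the value is NOT quoted; stops at whitespace or a
# common delimiter so the rest of the log line is preserved.
_BARE = re.compile(r"""(%s["']?\s*[=:]\s*)([^\s"'&,;]+)""" % _KEY, re.I)


def mask_quoted_only(message, secret="***"):
    """Weak form: masks a secret only when it is enclosed in quotes."""
    return _QUOTED.sub(
        lambda m: m.group(1) + m.group(2) + secret + m.group(2), message
    )


def mask_all(message, secret="***"):
    """Hardened form: masks quoted secrets first, then unquoted ones."""
    message = mask_quoted_only(message, secret)
    return _BARE.sub(lambda m: m.group(1) + secret, message)


if __name__ == "__main__":
    # Constructed sample log lines.
    samples = [
        "requests.... password=SECRET",
        '{"user": "admin", "password": "SECRET"}',
        "Unexpected error while running command: tool --password=SECRET --verbose",
    ]
    for line in samples:
        print("quoted-only:", mask_quoted_only(line))
        print("hardened:   ", mask_all(line))
```

Neither function covers a secret passed as a separate command argument with no `password=` key next to it; that case needs masking at the call site before the command line is logged.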