Couchbase use a password on the commandline

Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.

We should doublecheck the log aspect -- but otherwise since there are no local users on a Trove node, unless there is a SQL command that lets you read the process table, that should be pretty shallow.

I couldn't get a cassandra datastore to try to reproduce that bug.

Nikhil, can you check whenever a user is able to control the password value and when the command fail, does it leaks in logs ?

Will check this out in a Couchbase env and get more details.

Nikhil, any progress ?

I spun up a couchbase instance and took a backup, and was able to repro this.

 The password is not leaked in any of the service logs (i.e. trove api, taskmanager, or conductor) but it _is_ leaked in the trove-guestagent log. The guest-instance (as Thierry mentions above) is not accessible to users, so this is somewhat mitigated -- but I'd like to have this fixed in the guest-agent as hardening, so that we don't end up with the password in the log.

Thanks,
Nikhil

Thanks for the debunking, so this is a class C1 type of bug ( https://security.openstack.org/vmt-process.html#incident-report-taxonomy ).

Just removed the CVE reference since it is being rejected by CNA.

Nikhil, any update on this?

This is not an issue any longer as log messages are scrubbed with mask_passwords.