CVE-2017-2672 - audit trail leaks sensitive data for Image events
|Assigned To:|Marek Hulán|
|Target version:|Team Marek Iteration 13|
|Found in release:|1.13.4|
|Pull request:|https://github.com/theforeman/foreman/pull/4438|
|Velocity based estimate|-|
If one looks at an audit record for Image creation, the password used is recorded in plaintext. This must be censored.
The attached image is rendered from a specific audit entry, such as: https://katello.acme.com/audits/1234
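A sketch of the censoring the report asks for, as an added example that is not part of the original issue and not Foreman's own fix. It assumes audit change sets shaped as `attribute => value` on create and `attribute => [old, new]` on update; the key list, placeholder string, helper names and sample records are all hypothetical or constructed.

```ruby
# Added example: censor sensitive attributes in an audit change set before
# it is stored or rendered. Names and values here are assumptions.
REDACTED = '[redacted]'.freeze
SENSITIVE_KEYS = %w[password].freeze # assumed list; extend per model

# Keep nil/empty visible so "was unset -> was set" still shows in the trail.
def censor_value(value)
  return value if value.nil? || value == ''
  REDACTED
end

# Handles both shapes:
#   create/destroy: { "attr" => value }
#   update:         { "attr" => [old_value, new_value] }
# Returns a new hash; the input is left untouched.
def censor_changes(changes, sensitive_keys = SENSITIVE_KEYS)
  changes.each_with_object({}) do |(attr, value), out|
    out[attr] = if sensitive_keys.include?(attr.to_s)
                  value.is_a?(Array) ? value.map { |v| censor_value(v) } : censor_value(value)
                else
                  value
                end
  end
end

# Regression check: does any known secret survive in the serialized record?
def leaks?(changes, secrets)
  dumped = changes.inspect
  secrets.any? { |s| dumped.include?(s) }
end

# Constructed sample audit records for an Image create and a later update.
CREATE_AUDIT = {
  'name' => 'centos7-template', 'username' => 'root', 'password' => 'S3cr3t!'
}.freeze
UPDATE_AUDIT = {
  'password' => ['S3cr3t!', 'N3wS3cr3t!'], 'username' => %w[root admin]
}.freeze

if __FILE__ == $PROGRAM_NAME
  p censor_changes(CREATE_AUDIT)
  p censor_changes(UPDATE_AUDIT)
end
```

Censoring at write time keeps the secret out of the database and backups; censoring only at render time leaves existing rows to be cleaned up separately.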