Actions
Bug #19169
closedCVE-2017-2672 - audit trail leaks sensitive data for Image events
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Description
If one looks at an audit record for Image creation, the password used is recorded in plaintext. This must be censored.
The attached image is rendered from a specific audit entry, such as: https://katello.acme.com/audits/1234
Files
Updated by Marek Hulán over 7 years ago
- Category changed from Web Interface to Audit Log
Updated by The Foreman Bot over 7 years ago
- Status changed from New to Ready For Testing
- Assignee set to Marek Hulán
- Pull request https://github.com/theforeman/foreman/pull/4438 added
Updated by Dominic Cleal over 7 years ago
- Subject changed from audit trail leaks sensitive data for Image events to CVE-2017-2672 - audit trail leaks sensitive data for Image events
Report forwarded to foreman-security@googlegroups.com, CVE-2017-2672 was assigned to identify the vulnerability.
Updated by Marek Hulán over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 02489389f1a4443e1f437b86aa7ce245f1437020.
Updated by Daniel Lobato Garcia over 7 years ago
- Translation missing: en.field_release set to 209
Setting to 1.15, it'll be cherry-picked for RC2.
Updated by Tomer Brisker over 7 years ago
- Related to Refactor #20116: Redact sensitive information from audit logs added
Updated by Anonymous about 7 years ago
- Related to Refactor #21920: Refactor password auditing added
Actions