CVE-2017-2672 - audit trail leaks sensitive data for Image events
If one looks at an audit record for Image creation, the password used is recorded in plaintext. This must be censored.
The attached image is rendered from a specific audit entry, such as: https://katello.acme.com/audits/1234
- Category changed from Web Interface to Audit Log
- Status changed from New to Ready For Testing
- Assignee set to Marek Hulán
- Pull request https://github.com/theforeman/foreman/pull/4438 added
- Subject changed from audit trail leaks sensitive data for Image events to CVE-2017-2672 - audit trail leaks sensitive data for Image events
- Target version set to 1.13.0
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
- Legacy Backlogs Release (now unused) set to 209
Setting to 1.15, it'll be cherry-picked for RC2.
- Bugzilla link set to 1447510
- Related to Refactor #20116: Redact sensitive information from audit logs added
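
Added example, not taken from the Foreman code base or the linked pull request: a Ruby sketch of censoring sensitive attributes in an audit record's change set, the kind of redaction the report asks for. It assumes the change-set shape used by the Rails `audited` gem (a single value on create, `[old, new]` on update); the attribute-name pattern, helper names and sample records are constructed for illustration.

```ruby
# Redact sensitive attributes in an audit "changes" hash before it is
# stored or rendered. Assumed shape: on create each attribute maps to a
# single value; on update it maps to [old_value, new_value].

REDACTED = '[redacted]'.freeze
# Hypothetical deny-list of attribute names (an assumption, not Foreman's).
SENSITIVE_ATTRIBUTE = /pass(word)?|secret|token|private_key/i

def redact_value(value)
  # Keep nil/empty so a reviewer can still tell "unset" from "set".
  return value if value.nil? || value == ''
  REDACTED
end

def redact_audited_changes(changes)
  changes.each_with_object({}) do |(attr, value), out|
    out[attr] =
      if attr.to_s !~ SENSITIVE_ATTRIBUTE
        value                                  # non-sensitive: keep as-is
      elsif value.is_a?(Array)
        value.map { |v| redact_value(v) }      # update: [old, new]
      else
        redact_value(value)                    # create: single value
      end
  end
end

# True if any of the given secrets still appears as a value in the record.
def leaks?(changes, secrets)
  flat = changes.values.flatten.map(&:to_s)
  secrets.any? { |s| flat.include?(s) }
end

# Constructed sample records (not from a real system).
CREATE_AUDIT = { 'name' => 'centos7-template', 'username' => 'root',
                 'password' => 'hunter2' }.freeze
UPDATE_AUDIT = { 'password' => ['hunter2', 'correct horse'],
                 'uuid' => ['ami-1', 'ami-2'] }.freeze

if __FILE__ == $PROGRAM_NAME
  p redact_audited_changes(CREATE_AUDIT)
  p redact_audited_changes(UPDATE_AUDIT)
end
```

Redacting before the record is written keeps the secret out of the audit table; entries written earlier still hold the plaintext and need a separate cleanup.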