Actions
Bug #19169
closedCVE-2017-2672 - audit trail leaks sensitive data for Image events
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Description
If one looks at an audit record for Image creation, the password used is recorded in plaintext. This must be censored.
The attached image is rendered from a specific audit entry, such as: https://katello.acme.com/audits/1234
Files
Updated by Dominic Cleal about 8 years ago
- Subject changed from audit trail leaks sensitive data for Image events to CVE-2017-2672 - audit trail leaks sensitive data for Image events
Report forwarded to foreman-security@googlegroups.com, CVE-2017-2672 was assigned to identify the vulnerability.
Updated by Marek Hulán about 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 02489389f1a4443e1f437b86aa7ce245f1437020.
Updated by Daniel Lobato Garcia about 8 years ago
- Translation missing: en.field_release set to 209
Setting to 1.15, it'll be cherry-picked for RC2.
Actions