Project

General

Custom queries

Profile

Actions
Copy link

Bug #19169

closed

CVE-2017-2672 - audit trail leaks sensitive data for Image events

Added by Daniel Kimsey about 8 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Marek Hulán
Category:
Audit Log
Target version:
1.15.0
Difficulty:
Triaged:
Bugzilla link:
1447510
Pull request:
https://github.com/theforeman/foreman/pull/4438
Fixed in Releases:
Found in Releases:
1.13.4
Red Hat JIRA:

Description

If one looks at an audit record for Image creation, the password used is recorded in plaintext. This must be censored.

The attached image is rendered from a specific audit entry, such as: https://katello.acme.com/audits/1234

Files

Screen_Shot_2017-04-04_at_14_43_36.png View Screen_Shot_2017-04-04_at_14_43_36.png 37.8 KB Daniel Kimsey, 04/04/2017 03:55 PM

Related issues 2 (1 open1 closed)

Related to Foreman - Refactor #20116: Redact sensitive information from audit logsNew06/27/2017Actions
Related to Foreman - Refactor #21920: Refactor password auditingClosedTomer Brisker12/10/2017Actions
Actions
Copy link
 #3

Updated by Dominic Cleal about 8 years ago

  • Subject changed from audit trail leaks sensitive data for Image events to CVE-2017-2672 - audit trail leaks sensitive data for Image events

Report forwarded to , CVE-2017-2672 was assigned to identify the vulnerability.

Actions
Copy link
 #5

Updated by Marek Hulán about 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link
 #6

Updated by Daniel Lobato Garcia about 8 years ago

  • Translation missing: en.field_release set to 209

Setting to 1.15, it'll be cherry-picked for RC2.

Actions
Copy link

Also available in: Atom PDF