Project

General

Profile

Actions

Bug #19169

closed

CVE-2017-2672 - audit trail leaks sensitive data for Image events

Added by Daniel Kimsey over 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Audit Log
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

If one looks at an audit record for Image creation, the password used is recorded in plaintext. This must be censored.

The attached image is rendered from a specific audit entry, such as: https://katello.acme.com/audits/1234


Files


Related issues 2 (1 open1 closed)

Related to Foreman - Refactor #20116: Redact sensitive information from audit logsNew06/27/2017Actions
Related to Foreman - Refactor #21920: Refactor password auditingClosedTomer Brisker12/10/2017Actions
Actions

Also available in: Atom PDF