
Bug #34573

Settings defined by DSL are not properly encrypted

Added by Ondřej Ezr 9 months ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Category: Security
Triaged: No

Description

The values of settings defined through the DSL are not properly encrypted.
The cause is that the encrypted flag is not propagated to newly created setting records, so only new Foreman instances are affected.

How to reproduce:

1. Remove contents of settings table
2. Start foreman
3. Set an encrypted setting, e.g. root_pass, to any value
4. See the value in the database for this setting (possibly also from the console via `Setting.find_by(name: 'root_pass').read_attribute(:value)`)
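To make the failure mode concrete, the following is an added, self-contained Ruby sketch (not Foreman's code, and the class, registry functions and DSL hash are hypothetical stand-ins): a settings row only protects its value at rest if the row itself carries `encrypted: true`, so a registry that creates the row from the DSL name alone silently stores the plaintext. The audit helper at the end is the check an operator would run on an existing instance.

```ruby
require 'openssl'
require 'base64'

# Constructed demo key; a real deployment reads it from the application's secret store.
DEMO_KEY = OpenSSL::Digest::SHA256.digest('demo-key-not-for-production')

# Stand-in for a DB-backed settings row (hypothetical, not Foreman's model):
# the value is encrypted at rest only if the row itself carries encrypted=true.
class SettingRecord
  attr_reader :name, :encrypted
  def initialize(name, encrypted: false)
    @name, @encrypted = name, encrypted
  end
  def value=(plain)
    @raw = encrypted ? encrypt(plain) : plain
  end
  # What `read_attribute(:value)` shows: the column exactly as stored in the database.
  def read_attribute(attr); attr == :value ? @raw : nil; end
  def value; encrypted ? decrypt(@raw) : @raw; end

  private
  def encrypt(plain)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = DEMO_KEY
    iv = c.random_iv
    ct = c.update(plain) + c.final
    Base64.strict_encode64(iv + c.auth_tag + ct)
  end
  def decrypt(blob)
    b = Base64.strict_decode64(blob)
    c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    c.key = DEMO_KEY
    c.iv = b[0, 12]
    c.auth_tag = b[12, 16]
    c.update(b[28..]) + c.final
  end
end

# Hypothetical DSL output, e.g. `setting :root_pass, encrypted: true`.
DEFINITIONS = { 'root_pass' => { encrypted: true }, 'host_title' => { encrypted: false } }

# Before the fix: the row is created from the DSL name alone, so the flag is lost.
def create_record_buggy(name)
  SettingRecord.new(name)
end
# After the fix: the definition's encrypted flag is propagated into the new row.
def create_record_fixed(name)
  SettingRecord.new(name, encrypted: DEFINITIONS.fetch(name)[:encrypted])
end
# Audit check: the definition says encrypted, yet the DB column holds the plaintext.
def stored_in_plaintext?(record, plain)
  DEFINITIONS.fetch(record.name)[:encrypted] && record.read_attribute(:value) == plain
end
```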

Attachment: 34573.patch (7.34 KB), Proposed patch v1, Ondřej Ezr, 03/08/2022 01:03 PM

Related issues

Related to Foreman - Feature #30862: Introduce SettingRegistry as a setting inventory (Closed)

Associated revisions

Revision 3253d649 (diff)
Added by Ondřej Ezr 9 months ago

Fixes #34573 - encrypt DSL setting values

DSL setting values were not properly encrypted as the encryption flag has not been propagated into DB model.

History

#1 Updated by Ondřej Ezr 9 months ago

  • Target version set to 3.1.3
  • Found in Releases 3.1.3 added

#2 Updated by Ondřej Ezr 9 months ago

  • Related to Feature #30862: Introduce SettingRegistry as a setting inventory added

#3 Updated by Ondřej Ezr 9 months ago

  • Description updated (diff)

#4 Updated by Ondřej Ezr 9 months ago

#5 Updated by Ondřej Ezr 9 months ago

  • Found in Releases 3.1.0 added
  • Found in Releases deleted (3.1.3)

How to reproduce:

1. Remove contents of settings table
2. Start foreman
3. Set an encrypted setting, e.g. root_pass, to any value
4. See the value in the database for this setting (possibly also from the console via `Setting.find_by(name: 'root_pass').read_attribute(:value)`)

#6 Updated by Ondřej Ezr 9 months ago

  • Description updated (diff)

#7 Updated by Ondřej Ezr 9 months ago

  • Private changed from Yes to No

As discussed, this can be disclosed.

#8 Updated by The Foreman Bot 9 months ago

  • Assignee set to Ondřej Ezr
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/9139 added

#9 Updated by Ondřej Ezr 9 months ago

  • Bugzilla link set to 2061773

#10 Updated by The Foreman Bot 9 months ago

  • Fixed in Releases 3.3.0 added

#11 Updated by Ondřej Ezr 9 months ago

  • Status changed from Ready For Testing to Closed

#12 Updated by Ondřej Ezr 9 months ago

  • Fixed in Releases 3.1.3, 3.2.0 added
