OSDir


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1761054] Re: nova log expose password when swapvolume


Adding a "won't fix" state for security advisory publication, as the
vulnerability management team considers information leaks in DEBUG level
logs as "a vulnerability in experimental or debugging features not
intended for production use" (class B3 in the report taxonomy):
https://security.openstack.org/vmt-process.html#incident-report-taxonomy

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1761054

Title:
  nova log expose password when swapvolume

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  http://logs.openstack.org/50/557150/6/check/tempest-
  full/1f9c9f2/controller/logs/screen-n-cpu.txt.gz#_Mar_30_08_37_13_371323

  u'auth_password': u'8KigD3KKykJkJixs', u'auth_username':
  u'6m4wAHCZVqFfTQaF4eZu',

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1761054/+subscriptions