removing args from task_fields as it can contain sensitive data #63527
e92a2ab to ee8d406
Thanks for the PR.
ee8d406 to 7681345
@Akasurde this is ready for review
ping
@poblahblahblah I am waiting for Red Hat Security Team's feedback on this. I will keep you updated on this once I have something. Thanks.
CVE-2019-14864 Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
Fixes ansible#63522
Signed-off-by: Patrick O’Brien <patrick.obrien@thetradedesk.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
7681345 to 3926f5d
LGTM
+1 looks good and ready to backport as well.
…ugin(ansible#63527)
CVE-2019-14864 Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
Fixes ansible#63522
Signed-off-by: Patrick O’Brien <patrick.obrien@thetradedesk.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit c76e074)

…ugin(#63527) (#64748)
CVE-2019-14864 Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
Fixes #63522
Signed-off-by: Patrick O’Brien <patrick.obrien@thetradedesk.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit c76e074)
SUMMARY
Brute force way of addressing #63522. I considered other alternatives, such as only removing args if no_log was set to true on the task, but it's not guaranteed that no_log will be set on a task that consumes a module where a param has no_log set.
Fixes #63522
ISSUE TYPE
COMPONENT NAME
sumologic callback
ADDITIONAL INFORMATION
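
The trade-off described in the SUMMARY, as an added example that is not part of the PR or the plugin's code: it compares dropping `args` only when the task sets `no_log` with dropping `args` unconditionally. The task fields, the event shape and all function names are assumptions constructed for illustration.

```python
import copy
import json

# Constructed sample: task fields as a logging callback might receive them.
# "login_password" is sensitive, but the task author did not set no_log
# on the task itself.
SAMPLE_TASK_FIELDS = {
    "name": "create database user",
    "action": "mysql_user",
    "no_log": False,
    "args": {"name": "app", "login_user": "root",
             "login_password": "s3cr3t-constructed"},
}


def strip_args_if_no_log(task_fields):
    """Alternative considered in the SUMMARY: drop args only when no_log is set."""
    fields = copy.deepcopy(task_fields)
    if fields.get("no_log"):
        fields.pop("args", None)
    return fields


def strip_args_always(task_fields):
    """Approach named in the PR title: never forward args to the log collector."""
    fields = copy.deepcopy(task_fields)
    fields.pop("args", None)
    return fields


def build_event(task_fields, sanitizer):
    """Serialize the event body a callback would ship (hypothetical shape)."""
    return json.dumps({"ansible_task": sanitizer(task_fields)}, sort_keys=True)


def leaks(event_json, secret):
    """Report whether the secret value reaches the serialized log payload."""
    return secret in event_json


if __name__ == "__main__":
    secret = SAMPLE_TASK_FIELDS["args"]["login_password"]
    for fn in (strip_args_if_no_log, strip_args_always):
        event = build_event(SAMPLE_TASK_FIELDS, fn)
        print(fn.__name__, "leaks secret:", leaks(event, secret))
```
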