You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "lujie (Jira)" <ji...@apache.org> on 2021/03/22 01:36:00 UTC
[jira] [Closed] (CLOUDSTACK-10424) Potential sensitive information
disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
lujie closed CLOUDSTACK-10424.
------------------------------
Resolution: Won't Fix
> Potential sensitive information disclosure
> ------------------------------------------
>
> Key: CLOUDSTACK-10424
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10424
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Reporter: lujie
> Priority: Major
>
> We should never expose sensitive information by loggging, even at trace level, see
> [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java#L615]
> (variable job contains sensitive information)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)