You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "lujie (Jira)" <ji...@apache.org> on 2021/03/22 01:36:00 UTC

[jira] [Closed] (CLOUDSTACK-10424) Potential sensitive information disclosure

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

lujie closed CLOUDSTACK-10424.
------------------------------
    Resolution: Won't Fix

> Potential sensitive information disclosure
> ------------------------------------------
>
>                 Key: CLOUDSTACK-10424
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10424
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: lujie
>            Priority: Major
>
> We should never expose sensitive information by loggging, even at trace level, see
> [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java#L615]
> (variable job contains sensitive information)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)