Project

General

Profile

Bug #13608

file enforce content log file content which can have private info

Added by François ARMAND about 1 year ago. Updated 5 months ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Very Small
Priority:
0
Tags:

Description

In file enforce content, we have an info log with the file content. This can leak private info. The log must be removed.


Related issues

Related to ncf - Bug #13175: rudder agent log files content in user facilityReleasedActions

Associated revisions

Revision 01e928d6
Added by Vincent MEMBRÉ about 1 year ago

Merge pull request #837 from VinceMacBuche/bug_13608/_

Fixes #13608:

History

#1

Updated by Vincent MEMBRÉ about 1 year ago

first glance on the fix, a real pr arrives soon https://github.com/Normation/ncf/pull/836

#2

Updated by Vincent MEMBRÉ about 1 year ago

  • Status changed from New to In progress
  • Assignee set to Vincent MEMBRÉ
#3

Updated by Vincent MEMBRÉ about 1 year ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/ncf/pull/837
#4

Updated by Benoît PECCATTE about 1 year ago

  • Related to Bug #13175: rudder agent log files content in user facility added
#5

Updated by Nicolas CHARLES about 1 year ago

  • Status changed from Pending technical review to In progress
  • Assignee changed from Benoît PECCATTE to Nicolas CHARLES

I'm taking over this issue!

#6

Updated by Nicolas CHARLES about 1 year ago

Fix in 4.1 is really not trivial - it seems we need to rewrite the whole stack of loging to fix it.
Correcting in branch 4.3 in #13175

#7

Updated by Vincent MEMBRÉ about 1 year ago

  • Assignee changed from Nicolas CHARLES to Benoît PECCATTE
#8

Updated by Rudder Quality Assistant about 1 year ago

  • Assignee changed from Benoît PECCATTE to Vincent MEMBRÉ
#9

Updated by Vincent MEMBRÉ about 1 year ago

  • Status changed from In progress to Pending release
#11

Updated by Vincent MEMBRÉ about 1 year ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 4.1.15, 4.3.5 and 5.0.1 which were released today.
Changelog
Changelog
Changelog
#12

Updated by Vincent MEMBRÉ 5 months ago

  • Private changed from Yes to No
  • Priority changed from 137 to 0

Also available in: Atom PDF