[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1685678] Change abandoned on nova (master)

*** This bug is a duplicate of bug 1761054 ***

Change abandoned by Matt Riedemann (mriedem.os at on branch: master
Reason: Looks like it was fixed under a different bug

You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.

  swap volume operation may leak credentials into debug logs

Status in OpenStack Compute (nova):
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  The swap volume code in the compute service logs old and new volume
  connection_info dicts to debug here:

  The new connection_info comes from Cinder:

  That's a plain dict from the response which may contain credentials.

  The old connection_info comes from the
  nova.objects.block_device.BlockDeviceMapping object, which uses
  SensitiveStringField to sanitize the field's value when logged:

  The new connection_info could contain credentials though, so we should
  mask those when logging it, even at debug level.

To manage notifications about this bug go to: