[jira] [Created] (CLOUDSTACK-10423) Potential sensitive information disclosure

lujie created CLOUDSTACK-10423: -- Summary: Potential sensitive information disclosure Key: CLOUDSTACK-10423 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10423 Project: CloudStack Issue

[jira] [Updated] (CLOUDSTACK-10423) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10423: --- Description: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48

[jira] [Updated] (CLOUDSTACK-10423) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10423: --- Description: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48

[jira] [Updated] (CLOUDSTACK-10423) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10423: --- Description: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48

[jira] [Updated] (CLOUDSTACK-10423) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10423: --- Description: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48

[jira] [Updated] (CLOUDSTACK-10423) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10423: --- Description: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48

[jira] [Created] (CLOUDSTACK-10424) Potential sensitive information disclosure

lujie created CLOUDSTACK-10424: -- Summary: Potential sensitive information disclosure Key: CLOUDSTACK-10424 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10424 Project: CloudStack Issue T

[jira] [Updated] (CLOUDSTACK-10424) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10424: --- Description: We should never expose sensitive information by loggging, see [https://github.com

[jira] [Updated] (CLOUDSTACK-10424) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10424: --- Description: We should never expose sensitive information by loggging, even at trace level, se

[jira] [Updated] (CLOUDSTACK-10424) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10424: --- Description: We should never expose sensitive information by loggging, even at trace level, se

[jira] [Created] (CLOUDSTACK-10425) Potential sensitive information disclosure

lujie created CLOUDSTACK-10425: -- Summary: Potential sensitive information disclosure Key: CLOUDSTACK-10425 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10425 Project: CloudStack Issue T

[jira] [Updated] (CLOUDSTACK-10425) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10425: --- Attachment: CLOUDSTACK-10425.PNG > Potential sensitive information disclosure > ---

[jira] [Updated] (CLOUDSTACK-10425) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10425: --- Attachment: (was: CLOUDSTACK-10425.PNG) > Potential sensitive information disclosure >

[jira] [Updated] (CLOUDSTACK-10425) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10425: --- Description: !CLOUDSTACK-10425.PNG!   > Potential sensitive information disclosure > --

[jira] [Updated] (CLOUDSTACK-10425) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10425: --- Attachment: CLOUDSTACK-10425.PNG > Potential sensitive information disclosure > ---

[jira] [Updated] (CLOUDSTACK-10425) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10425: --- Attachment: (was: CLOUDSTACK-10425.PNG) > Potential sensitive information disclosure >

[jira] [Updated] (CLOUDSTACK-10425) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10425: --- Description: !CLOUDSTACK-10425.PNG!    (was: !CLOUDSTACK-10425.PNG!  ) > Potential sensitive i

[jira] [Updated] (CLOUDSTACK-10425) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10425: --- Attachment: CLOUDSTACK-10425.PNG > Potential sensitive information disclosure > ---

[jira] [Created] (CLOUDSTACK-10432) Audit logging in CloudStack servers.

lujie created CLOUDSTACK-10432: -- Summary: Audit logging in CloudStack servers. Key: CLOUDSTACK-10432 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10432 Project: CloudStack Issue Type: N

[jira] [Updated] (CLOUDSTACK-10432) Audit logging in CloudStack servers.

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10432: --- Description: Lots of users had questions on debugging which client access the CloudStack, like

[jira] [Resolved] (CLOUDSTACK-10425) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie resolved CLOUDSTACK-10425. Resolution: Fixed > Potential sensitive information disclosure >

[jira] [Commented] (CLOUDSTACK-10425) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17305816#comment-17305816 ] lujie commented on CLOUDSTACK-10425: closed as fixed > Potential sensitive inf

[jira] [Resolved] (CLOUDSTACK-10423) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie resolved CLOUDSTACK-10423. Resolution: Fixed > Potential sensitive information disclosure > --

[jira] [Closed] (CLOUDSTACK-10424) Potential sensitive information disclosure

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie closed CLOUDSTACK-10424. -- Resolution: Won't Fix > Potential sensitive information disclosure >

[jira] [Created] (CLOUDSTACK-10434) updateVolume should have access check

lujie created CLOUDSTACK-10434: -- Summary: updateVolume should have access check Key: CLOUDSTACK-10434 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10434 Project: CloudStack Issue Type:

[jira] [Updated] (CLOUDSTACK-10434) some APIs in VolumeApiServiceImpl need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: it seems that some API in lack access check (was: it seems that updateVolume lack

[jira] [Updated] (CLOUDSTACK-10434) some APIs in VolumeApiServiceImpl need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Summary: some APIs in VolumeApiServiceImpl need access check (was: updateVolume should have ac

[jira] [Updated] (CLOUDSTACK-10434) some APIs in VolumeApiServiceImpl need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: it seems that some APIs in  VolumeApiServiceImpl  lack access check. list here  

[jira] [Updated] (CLOUDSTACK-10434) some APIs in VolumeApiServiceImpl need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them i

[jira] [Updated] (CLOUDSTACK-10434) some APIs in VolumeApiServiceImpl need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them i

[jira] [Updated] (CLOUDSTACK-10434) some APIs in VolumeApiServiceImpl need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them i

[jira] [Updated] (CLOUDSTACK-10434) some APIs in VolumeApiServiceImpl need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Issue Type: Bug (was: New Feature) > some APIs in VolumeApiServiceImpl need access check > ---

[jira] [Updated] (CLOUDSTACK-10434) some APIs in VolumeApiServiceImpl need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Priority: Blocker (was: Major) > some APIs in VolumeApiServiceImpl need access check > ---

[jira] [Updated] (CLOUDSTACK-10434) some APIs need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Summary: some APIs need access check (was: some APIs in VolumeApiServiceImpl need access check

[jira] [Updated] (CLOUDSTACK-10434) some APIs need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them i

[jira] [Updated] (CLOUDSTACK-10434) some APIs need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them i

[jira] [Updated] (CLOUDSTACK-10434) some APIs need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them i

[jira] [Updated] (CLOUDSTACK-10434) some APIs need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them i

[jira] [Updated] (CLOUDSTACK-10434) some APIs need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them i

[jira] [Updated] (CLOUDSTACK-10434) some APIs need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them i

[jira] [Updated] (CLOUDSTACK-10434) some APIs need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them i

[jira] [Updated] (CLOUDSTACK-10434) some APIs need access check

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10434: --- Description: I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them i

[jira] [Created] (CLOUDSTACK-10436) We need remind users to use correct permission for tmp dir

lujie created CLOUDSTACK-10436: -- Summary: We need remind users to use correct permission for tmp dir Key: CLOUDSTACK-10436 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10436 Project: CloudStack

[jira] [Updated] (CLOUDSTACK-10436) We need remind users to use correct permission for tmp dir

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10436: --- Priority: Critical (was: Major) > We need remind users to use correct permission for tmp dir >

[jira] [Updated] (CLOUDSTACK-10436) We need remind users to use correct permission for tmp dir

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10436: --- Labels: security-issue (was: ) > We need remind users to use correct permission for tmp dir >

[jira] [Updated] (CLOUDSTACK-10436) We need remind users to use correct permission for tmp dir

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10436: --- Description: I think there is a potential securiry issuse in createUniqDir#JavaStorageLayer  

[jira] [Updated] (CLOUDSTACK-10436) We need remind users to use correct permission for tmp dir

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10436: --- Description: I think there is a potential securiry issuse in createUniqDir#JavaStorageLayer  

[jira] [Created] (CLOUDSTACK-10356) Fix Some Potential NPE

lujie created CLOUDSTACK-10356: -- Summary: Fix Some Potential NPE Key: CLOUDSTACK-10356 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10356 Project: CloudStack Issue Type: Bug Secu

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool to  [NPEDetector|https://github.com/lujief

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool to  [NPEDetector|https://github.com/lujief

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool to  [NPEDetector|https://github.com/lujief

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool to  [NPEDetector|https://github.com/lujief

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool to  [NPEDetector|https://github.com/lujief

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool to  [NPEDetector|https://github.com/lujief

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool to  [NPEDetector|https://github.com/lujief

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool to  [NPEDetector|https://github.com/lujief

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool to  [NPEDetector|https://github.com/lujief

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool to  [NPEDetector|https://github.com/lujief

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool to  [NPEDetector|https://github.com/lujief

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool  [NPEDetector|https://github.com/lujiefsi/

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool  [NPEDetector|https://github.com/lujiefsi/

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool  [NPEDetector|https://github.com/lujiefsi/

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool  [NPEDetector|https://github.com/lujiefsi/

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Description: We have developed a static analysis tool  [NPEDetector|https://github.com/lujiefsi/

[jira] [Updated] (CLOUDSTACK-10356) Fix Some Potential NPE

[ https://issues.apache.org/jira/browse/CLOUDSTACK-10356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10356: --- Attachment: CLOUDSTACK-10356_1.patch > Fix Some Potential NPE > --- > >