Reviewed:  https://review.opendev.org/c/openstack/glance/+/940358
Committed: https://opendev.org/openstack/glance/commit/33fa9596ebbd7ed16e2bbdba5fab2f6eeb8eb5c2
Submitter: "Zuul (22348)"
Branch:    master

commit 33fa9596ebbd7ed16e2bbdba5fab2f6eeb8eb5c2
Author: Abhishek Kekane <akek...@redhat.com>
Date:   Wed Jan 22 07:03:28 2025 +0000

    Remove S3 credentials from debug log

    While sorting image locations using store weight, glance logs a
    debug message which logs secret and access key for s3 backend.
    Removing the debug log to avoid leaking of the s3 credentials.

    Closes-Bug: #2095304
    SecurityImpact
    Change-Id: I24073c1b1e5ea92357d9a774e6c9c9cbf0980a44

** Changed in: glance
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/2095304

Title:
  Glance reveal S3 backend credentials during image creation

Status in Glance:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  During image creation glance reveal S3 store key and access key

  How to reproduce:
  1. Configure glance with S3 backend
  2. glance --insecure image-create --disk-format raw --container-format bare --file <> --name <>

  glance logs:
  Jan 13 09:09:38 devstack devstack@g-api.service[1434220]: DEBUG glance.common.utils [None req-ff4ed7e1-5021-41a1-ab0a-c43452d481de demo demo] Sorted locations: [{'id': 7, 'url': 's3://02e880cfae0e457ea0be2820ce7177e0:03cf1105dae44fc696df5542ce1c3d11@127.0.0.1:8080/images/1efdcef2-0eb8-4b8c-9e0f-91f7434be5dc', 'metadata': {'store': 's3_fast'}, 'status': 'active'}] {{(pid=1434220) sort_image_locations /opt/stack/glance/glance/common/utils.py:735}}
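
Added example, not part of the original notification and not Glance's code (the committed fix simply removes the debug message): a check for operators who ran an affected deployment with debug logging enabled. It scans log lines for S3 location URLs of the form shown above, reports which access keys need rotating, and masks the credentials in text or location lists. The function names, the sample log lines and the placeholder credentials are constructed for illustration.

```python
import re

# Store location URL with embedded userinfo: s3://ACCESS:SECRET@host/...
# The s3+http / s3+https variants are accepted too. The secret part is matched
# greedily up to the last '@' of the token because secret keys may contain '/'.
_CRED_URL = re.compile(r"(s3(?:\+https?)?://)([^\s'\":@/]+):([^\s'\"]*)@")


def redact(text):
    """Return text with the access key and secret of every S3 URL masked."""
    return _CRED_URL.sub(r"\1***:***@", text)


def redact_locations(locations):
    """Copy a list of image location dicts, masking credentials in each 'url'."""
    return [
        dict(loc, url=redact(loc["url"])) if "url" in loc else dict(loc)
        for loc in locations
    ]


def leaked_access_keys(log_lines):
    """Return the access key ids found in credential-bearing URLs in log_lines."""
    return {m.group(2) for line in log_lines for m in _CRED_URL.finditer(line)}


# Constructed sample input: placeholder credentials and documentation addresses.
SAMPLE_LOG = [
    "DEBUG glance.common.utils [req-0000] Sorted locations: [{'id': 1, 'url': "
    "'s3://EXAMPLEACCESSKEY:EXAMPLE/SECRET+KEY@203.0.113.10:8080/images/"
    "00000000-0000-0000-0000-000000000001', 'metadata': {'store': 's3_fast'}, "
    "'status': 'active'}]",
    "INFO glance.api [req-0001] GET /v2/images 200",
    "DEBUG example [req-0002] location s3://203.0.113.10:8080/images/abc",
]

if __name__ == "__main__":
    for key in sorted(leaked_access_keys(SAMPLE_LOG)):
        print("rotate credentials for access key:", key)
    for line in SAMPLE_LOG:
        print(redact(line))
```

Any access key the scan reports should be treated as exposed to everyone who could read those logs, including log aggregation systems they were shipped to.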