Probe-and-enlist for SeaMicro chassis writes password to the log
Bug #1428666 reported by Mike Pontillo
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
MAAS | Fix Released | Critical | Mike Pontillo |
1.9 | Fix Released | Critical | Mike Pontillo |
Bug Description
Probe-and-enlist for the SeaMicro chassis writes the power parameters to maas.log.
Unfortunately, maas.log is world-readable.
We should just log the MAC addresses found, not the power parameters.
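An added example, not the code from the linked branches: logging only the MAC addresses, with a handler-level filter as a backstop for calls that still pass a parameter dict, and a check for a world-readable log file. The key names `power_user` and `power_pass`, the logger name, and all sample values are assumptions constructed for illustration.

```python
import io
import logging
import os
import stat

# Assumed key names; the page does not list the SeaMicro power parameter fields.
SENSITIVE_KEYS = {"power_pass", "power_user"}

def _scrub(params):
    """Return a copy of params with sensitive values replaced."""
    return {k: "<redacted>" if k in SENSITIVE_KEYS else v for k, v in params.items()}

class RedactPowerParams(logging.Filter):
    """Blank out sensitive values in dict arguments before a record is formatted."""
    def filter(self, record):
        if isinstance(record.args, dict):  # logging unwraps a lone dict argument
            record.args = _scrub(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(_scrub(a) if isinstance(a, dict) else a
                                for a in record.args)
        return True  # never drop the record, only rewrite its arguments

def is_world_readable(path):
    """True if 'other' has read permission on the file, as reported for maas.log."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def enlist_and_capture(macs, power_params):
    """Log one discovered server two ways and return the text that reached the log."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactPowerParams())
    log = logging.getLogger("seamicro-example")  # hypothetical logger name
    log.propagate = False
    log.setLevel(logging.INFO)
    log.addHandler(handler)
    try:
        # Intended behaviour: MAC addresses only.
        log.info("Found server with MACs: %s", ", ".join(macs))
        # A call that still passes the parameters; the filter scrubs it.
        log.info("Enlisting %s with %s", macs[0], power_params)
    finally:
        log.removeHandler(handler)
    return stream.getvalue()

# Constructed sample data.
SAMPLE_MACS = ["00:22:99:aa:bb:01", "00:22:99:aa:bb:02"]
SAMPLE_PARAMS = {"power_address": "192.0.2.10", "power_user": "admin",
                 "power_pass": "s3cr3t-example"}
```

The filter only catches dict arguments; a password already interpolated into the message string passes through, so the primary fix remains not passing the parameters to the logger at all.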
Related branches
lp://qastaging/~mpontillo/maas/seamicro-dont-log-password
- Mike Pontillo (community): Approve
- Diff: 14 lines (+1/-3), 1 file modified: src/provisioningserver/drivers/hardware/seamicro.py (+1/-3)
lp://qastaging/~mpontillo/maas/seamicro-dont-log-password-2
- Newell Jensen (community): Approve
- Diff: 18 lines (+3/-4), 1 file modified: src/provisioningserver/drivers/hardware/seamicro.py (+3/-4)
CVE References
Changed in maas: | |
importance: | Undecided → High |
status: | New → In Progress |
affects: | maas → maas (Ubuntu) |
Changed in maas (Ubuntu): | |
milestone: | 1.7.3 → none |
affects: | maas (Ubuntu) → maas |
Changed in maas: | |
status: | In Progress → Fix Committed |
milestone: | none → 2.0.0 |
importance: | High → Critical |
Changed in maas: | |
status: | Fix Committed → Fix Released |
information type: | Private Security → Public Security |
This is CVE-2015-1320