CVE-2018-1000060

Published: 20 Jan 2018
Source: redhat
CVSS3: 5.5

Description

Sensu, Inc. Sensu Core versions before 1.2.0 and before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contain a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) being logged in clear text. This attack appears to be exploitable via: victims with configuration matching a specific pattern will observe sensitive data output in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b.

Sensu's redaction function fails to handle the redaction of sensitive data in deeply nested data structures, resulting in sensitive data, such as passwords, being logged in clear-text.
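The failure mode described above, as an added Ruby example that is not Sensu's source code: a redactor that only follows nested hashes is compared with one that also walks arrays, and `leaked_paths` serves as a regression check on whatever is about to be logged. The key list, the function names, the `REDACTED` marker and the sample configuration (two RabbitMQ connections, as in the linked Bugzilla title) are assumptions constructed for illustration.

```ruby
# Added illustration, not Sensu's code. Key list and sample config are constructed.
SENSITIVE_KEYS = %w[password passwd pass api_key secret].freeze
REDACTED = "REDACTED".freeze

# Hypothetical flawed variant: recurses into nested hashes only, so hashes
# stored inside arrays are passed through with their secrets intact.
def redact_hashes_only(obj, keys = SENSITIVE_KEYS)
  return obj unless obj.is_a?(Hash)
  obj.each_with_object({}) do |(k, v), out|
    out[k] = keys.include?(k.to_s) ? REDACTED : redact_hashes_only(v, keys)
  end
end

# Hardened variant: walks hashes and arrays at any depth, returning a copy.
def redact_deep(obj, keys = SENSITIVE_KEYS)
  case obj
  when Hash
    obj.each_with_object({}) do |(k, v), out|
      out[k] = keys.include?(k.to_s) ? REDACTED : redact_deep(v, keys)
    end
  when Array then obj.map { |item| redact_deep(item, keys) }
  else obj
  end
end

# Regression check: paths where a sensitive key still holds an unredacted value.
def leaked_paths(obj, keys = SENSITIVE_KEYS, path = "")
  case obj
  when Hash
    obj.flat_map do |k, v|
      next leaked_paths(v, keys, "#{path}/#{k}") unless keys.include?(k.to_s)
      v == REDACTED ? [] : ["#{path}/#{k}"]
    end
  when Array
    obj.each_with_index.flat_map { |v, i| leaked_paths(v, keys, "#{path}[#{i}]") }
  else
    []
  end
end

# Constructed config: multiple RabbitMQ connections given as an array of hashes.
SAMPLE_CONFIG = {
  "rabbitmq" => [
    { "host" => "mq1.example.test", "user" => "sensu", "password" => "constructed-1" },
    { "host" => "mq2.example.test", "user" => "sensu", "password" => "constructed-2" }
  ],
  "api" => { "user" => "admin", "password" => "constructed-3" }
}.freeze
```

Running `leaked_paths` over the redacted structure in a unit test catches this class of regression before the data reaches a log line.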

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools | sensu | Will not fix | | |
| Red Hat OpenStack Platform 8 (Liberty) Operational Tools | sensu | Will not fix | | |
| Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | sensu | Will not fix | | |
| Red Hat OpenStack Platform 10.0 Operational Tools for RHEL 7 | sensu | Fixed | RHSA-2018:1606 | 17.05.2018 |
| Red Hat OpenStack Platform 11.0 Operational Tools for RHEL 7 | sensu | Fixed | RHSA-2018:1112 | 11.04.2018 |
| Red Hat OpenStack Platform 12.0 Operational Tools for RHEL 7 | sensu | Fixed | RHSA-2018:0616 | 28.03.2018 |

Additional information

Status: Moderate
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1541402 (sensu: Password exposure in warn level log when configured for multiple rabbitMQ connections)

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 9.8
nvd
almost 8 years ago

Sensu, Inc. Sensu Core versions before 1.2.0 and before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contain a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) being logged in clear text. This attack appears to be exploitable via: victims with configuration matching a specific pattern will observe sensitive data output in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b.

CVSS3: 9.8
debian
almost 8 years ago

Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e ...

github
more than 7 years ago

Low severity vulnerability that affects sensu
