Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-3015

container prints env vars (which can be passwords) to logs

    XMLWordPrintable

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.5.36, 2.5.37
    • 2.5.38, 2.5.36.1, 2.5.37.1
    • None
    • None

    Description

      Jonathan (Jj!) Johnson 10:42 AM
      I see you're offline, but will leave a note anyway: this line should be removed: [ https://github.internet2.edu/docker/grouper/blob/2.5.37/container_files/usr-local-bin/librarySetupFiles.sh#L68 ]. it can disclose secrets, like it did to me last friday

      Attachments

        Activity

          People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Smart Checklist