[PUP-7580] Exec resource exposing Sensitive data - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 5.5.7, PUP 6.0.3
Component/s: Types and Providers
Labels:
None

Team:
Coremunity
Sprint:
Platform Core KANBAN

Release Notes:
Bug Fix
Release Notes Summary:
Puppet will no longer leak sensitive data into the resourcefile.

QA Risk Assessment:
Needs Assessment

Description

Currently the namvar attribute of the exec resource is assigned to the command attribute.
meaning the name of the resource when printed into resources.txt is the executed parameter.

This could be considered a security issue, but also makes it difficult to name resources uniquely.
A request for a name attribute or the ability to use the title as the namevar.

This is an issue when running puppet agent or puppet apply --write-catalog-summary.

Attachments

Issue Links

relates to

PUP-9295 Notify resource exposes Sensitive data when message is a Sensitive data

Resolved

PUP-1042 Change --write-catalog-summary option into a config setting

Resolved

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Kris Bosland

Reporter:: Marty Ewings

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2017/05/22 3:00 AM

Updated:: 2018/10/31 8:09 AM

Resolved:: 2018/10/23 10:45 AM