diff options
| author | Abhijeet Kasurde <akasurde@redhat.com> | 2021-02-06 02:20:59 +0530 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-02-05 14:50:59 -0600 |
| commit | 0785772a03470fd2879d2f613520284997dc9dd0 (patch) | |
| tree | b62132f3e2d67f0e0fef6b7ef7cff3676c1046d6 | |
| parent | bfea16c4f741d4cd10c8e17bf7eed14240345cb5 (diff) | |
| download | ansible-0785772a03470fd2879d2f613520284997dc9dd0.tar.gz | |
[bp-2.8] snmp_facts: Hide user sensitive information in console (#73189)
**SECURITY** - CVE-2021-20178
Hide user sensitive information like `privkey` and `authkey`
while logging in console.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
| -rw-r--r-- | changelogs/fragments/snmp_facts.yml | 2 | ||||
| -rw-r--r-- | lib/ansible/modules/net_tools/snmp_facts.py | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/changelogs/fragments/snmp_facts.yml b/changelogs/fragments/snmp_facts.yml new file mode 100644 index 0000000000..4ba3d74c97 --- /dev/null +++ b/changelogs/fragments/snmp_facts.yml @@ -0,0 +1,2 @@ +security_fixes: +- 'snmp_facts - hide user sensitive information such as ``privkey`` and ``authkey`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1621) (CVE-2021-20178).' diff --git a/lib/ansible/modules/net_tools/snmp_facts.py b/lib/ansible/modules/net_tools/snmp_facts.py index 1178fb9b51..9b00b251bc 100644 --- a/lib/ansible/modules/net_tools/snmp_facts.py +++ b/lib/ansible/modules/net_tools/snmp_facts.py @@ -277,8 +277,8 @@ def main(): level=dict(type='str', choices=['authNoPriv', 'authPriv']), integrity=dict(type='str', choices=['md5', 'sha']), privacy=dict(type='str', choices=['aes', 'des']), - authkey=dict(type='str'), - privkey=dict(type='str'), + authkey=dict(type='str', no_log=True), + privkey=dict(type='str', no_log=True), ), required_together=( ['username', 'level', 'integrity', 'authkey'], |