[jira] [Updated] (CLOUDSTACK-10423) Potential sensitive information disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10423: --- Description: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] url could contain password or other sensitive information we have sanitized the url before logging, but when we provide a invalid URL who still have sensitive information, the url will be warped in to an exception at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] and the exception will printed at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] we should provide the detail information to client without sensitive information. was: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] url could contain password or other sensitive information we have sanitized the url before logging, but when we provide invalid URL who still have sensitive information, the url will be warped in to an exception at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] and the exception will printed at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] we should provide the detail information to client without sensitive information. > Potential sensitive information disclosure > > > Key: CLOUDSTACK-10423 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10423 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: lujie >Priority: Major > > As shown at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] > url could contain password or other sensitive information > we have sanitized the url before logging, but when we provide a invalid URL > who still have sensitive information, the url will be warped in to an > exception at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] > and the exception will printed at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] > we should provide the detail information to client without sensitive > information. -- This message was sent by Atlassian Jir
[jira] [Updated] (CLOUDSTACK-10423) Potential sensitive information disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10423: --- Description: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] url could contain password or other sensitive information we have sanitized the url before logging, but when we provide invalid URL who still have sensitive information, the url will be warped in to an exception at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] and the exception will printed at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] we should provide the detail information to client without sensitive information. was: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] url could contain password or other sensitive information we have sanitized the url before logging, but when provide invalid URL who still have sensitive information, the url will be warped in to an exception at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] and the exception will printed at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] we should provide the detail information to client without sensitive information. > Potential sensitive information disclosure > > > Key: CLOUDSTACK-10423 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10423 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: lujie >Priority: Major > > As shown at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] > url could contain password or other sensitive information > we have sanitized the url before logging, but when we provide invalid URL who > still have sensitive information, the url will be warped in to an exception at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] > and the exception will printed at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] > we should provide the detail information to client without sensitive > information. -- This message was sent by Atlassian Jira (v8.3.4#
[jira] [Updated] (CLOUDSTACK-10423) Potential sensitive information disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10423: --- Description: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] url could contain password or other sensitive information we have sanitized the url before logging, but when provide invalid URL who still have sensitive information, the url will be warped in to an exception at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] and the exception will printed at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] we should provide the detail information to client without sensitive information. was: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] url could contain password or other sensitive information we have sanitized the url before logging, but when provide invalid URL who still have sensitive information, the url will be warped in to an exception at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] and the exception will printed at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] > Potential sensitive information disclosure > > > Key: CLOUDSTACK-10423 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10423 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: lujie >Priority: Major > > As shown at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] > url could contain password or other sensitive information > we have sanitized the url before logging, but when provide invalid URL who > still have sensitive information, the url will be warped in to an exception at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] > and the exception will printed at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] > we should provide the detail information to client without sensitive > information. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (CLOUDSTACK-10423) Potential sensitive information disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10423: --- Description: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] url could contain password or other sensitive information we have sanitized the url before logging, but when provide invalid URL who still have sensitive information, the url will be warped in to an exception at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] and the exception will printed at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] or [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] was: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] url could contain password or other sensitive information We have sanitized the url at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L93|https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] 93 and 95 but the url still be warped into exception at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] the exception will printed at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] and [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] and [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] and [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] > Potential sensitive information disclosure > > > Key: CLOUDSTACK-10423 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10423 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: lujie >Priority: Major > > As shown at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] > url could contain password or other sensitive information > we have sanitized the url before logging, but when provide invalid URL who > still have sensitive information, the url will be warped in to an exception at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] > and the exception will printed at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] > or > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/sr
[jira] [Updated] (CLOUDSTACK-10423) Potential sensitive information disclosure
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated CLOUDSTACK-10423: --- Description: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] url could contain password or other sensitive information We have sanitized the url at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L93|https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] 93 and 95 but the url still be warped into exception at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] the exception will printed at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] and [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] and [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] and [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260] was: As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] url could contain password or other sensitive information even we sanitize the url at line 93 and 95, but the url still be warped into exception at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] the exception will printed at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] and [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] and [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] and https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260 > Potential sensitive information disclosure > > > Key: CLOUDSTACK-10423 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10423 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: lujie >Priority: Major > > As shown at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] > url could contain password or other sensitive information > We have sanitized the url at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L93|https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] > 93 and 95 but the url still be warped into exception at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] > the exception will printed at > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] > and > [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java
[jira] [Created] (CLOUDSTACK-10423) Potential sensitive information disclosure
lujie created CLOUDSTACK-10423: -- Summary: Potential sensitive information disclosure Key: CLOUDSTACK-10423 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10423 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Reporter: lujie As shown at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L92] url could contain password or other sensitive information even we sanitize the url at line 93 and 95, but the url still be warped into exception at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/plugins/storage/image/default/src/main/java/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java#L117] the exception will printed at [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L639] and [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L747] and [https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2472] and https://github.com/apache/cloudstack/blob/bd38f0647f59e09bc0755bbf48d48fb0a21295ca/server/src/main/java/com/cloud/storage/StorageManagerImpl.java#L2260 -- This message was sent by Atlassian Jira (v8.3.4#803005)