diff options
author | Abhijeet Kasurde <akasurde@redhat.com> | 2021-02-06 02:21:11 +0530 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-05 14:51:11 -0600 |
commit | 10d81272b7c8349ec3008ac91fa03fde457e173a (patch) | |
tree | 23b530526b4652c81f5049ed43079aaf1b45a468 | |
parent | e3c08d001d8ae787b95ceeacd07938f751f6b516 (diff) | |
download | ansible-10d81272b7c8349ec3008ac91fa03fde457e173a.tar.gz |
[bp-2.9] snmp_facts: Hide user sensitive information in console (#73188)
**SECURITY** - CVE-2021-20178
Hide user sensitive information like `privkey` and `authkey`
while logging in console.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
-rw-r--r-- | changelogs/fragments/snmp_facts.yml | 2 | ||||
-rw-r--r-- | lib/ansible/modules/net_tools/snmp_facts.py | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/changelogs/fragments/snmp_facts.yml b/changelogs/fragments/snmp_facts.yml new file mode 100644 index 0000000000..4ba3d74c97 --- /dev/null +++ b/changelogs/fragments/snmp_facts.yml @@ -0,0 +1,2 @@ +security_fixes: +- 'snmp_facts - hide user sensitive information such as ``privkey`` and ``authkey`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1621) (CVE-2021-20178).' diff --git a/lib/ansible/modules/net_tools/snmp_facts.py b/lib/ansible/modules/net_tools/snmp_facts.py index 1178fb9b51..9b00b251bc 100644 --- a/lib/ansible/modules/net_tools/snmp_facts.py +++ b/lib/ansible/modules/net_tools/snmp_facts.py @@ -277,8 +277,8 @@ def main(): level=dict(type='str', choices=['authNoPriv', 'authPriv']), integrity=dict(type='str', choices=['md5', 'sha']), privacy=dict(type='str', choices=['aes', 'des']), - authkey=dict(type='str'), - privkey=dict(type='str'), + authkey=dict(type='str', no_log=True), + privkey=dict(type='str', no_log=True), ), required_together=( ['username', 'level', 'integrity', 'authkey'], |