wbrawner/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Callback: removing args from task_fields from Sumologic and Splunk plugin(#63527) (#64748)

Browse source 
CVE-2019-14864 Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs

Fixes #63522

Signed-off-by: Patrick O’Brien <patrick.obrien@thetradedesk.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit c76e074e4c)
This commit is contained in:
Matt Davis 2019-11-12 17:03:31 -08:00 committed by GitHub
parent ab910e1f5a
commit 75288a89d0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/63522-remove-args-from-sumologic-and-splunk-callbacks.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- '**security issue** - Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs (CVE-2019-14864)'

3
lib/ansible/plugins/callback/splunk.py
View file

@ -98,6 +98,9 @@ class SplunkHTTPCollectorSource(object):
else: else:
ansible_role = None ansible_role = None
if 'args' in result._task_fields:
del result._task_fields['args']
data = {} data = {}
data['uuid'] = result._task._uuid data['uuid'] = result._task._uuid
data['session'] = self.session data['session'] = self.session

3
lib/ansible/plugins/callback/sumologic.py
View file

@ -89,6 +89,9 @@ class SumologicHTTPCollectorSource(object):
else: else:
ansible_role = None ansible_role = None
if 'args' in result._task_fields:
del result._task_fields['args']
data = {} data = {}
data['uuid'] = result._task._uuid data['uuid'] = result._task._uuid
data['session'] = self.session data['session'] = self.session