cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Callback: removing args from task_fields from Sumologic and Splunk plugin(#63527)

Browse source 
CVE-2019-14864 Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs

Fixes #63522

Signed-off-by: Patrick O’Brien <patrick.obrien@thetradedesk.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This commit is contained in:
Patrick O'Brien 2019-11-01 07:21:11 -07:00 committed by Abhijeet Kasurde
parent 56d5fd34e3
commit c76e074e4c
3 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/63522-remove-args-from-sumologic-and-splunk-callbacks.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- '**security issue** - Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs (CVE-2019-14864)'

3
lib/ansible/plugins/callback/splunk.py
View file

@ -98,6 +98,9 @@ class SplunkHTTPCollectorSource(object):
else: else:
ansible_role = None ansible_role = None
if 'args' in result._task_fields:
del result._task_fields['args']
data = {} data = {}
data['uuid'] = result._task._uuid data['uuid'] = result._task._uuid
data['session'] = self.session data['session'] = self.session

3
lib/ansible/plugins/callback/sumologic.py
View file

@ -89,6 +89,9 @@ class SumologicHTTPCollectorSource(object):
else: else:
ansible_role = None ansible_role = None
if 'args' in result._task_fields:
del result._task_fields['args']
data = {} data = {}
data['uuid'] = result._task._uuid data['uuid'] = result._task._uuid
data['session'] = self.session data['session'] = self.session