Skip to content

exec failures leak plaintext passwords to logs/PuppetDB #18

Description

@Sommerzeit

This module (v1.14.0) builds occ commands as plain strings passed to exec, without Sensitive(). When these execs fail, Puppet logs the full command - including plaintext DB password, admin password, and SMTP password. The error logs go to journalctl and the Puppet report (subsequently also to PuppetDB and Puppetboard).

E.g.

Error: 'touch /opt/nextcloud-data/.puppet_install.lock && php occ maintenance:install --database 'mysql' --database-host 10.0.11.7 --database-name nextcloud --database-user nextcloud --database-pass <redacted😔> --admin-user admin --admin-pass <redacted😥> --data-dir /opt/nextcloud-data && touch /opt/nextcloud-data/.puppet_install.done && touch /opt/nextcloud-data/.puppet_update_31_0_0.done ; _exit=$? ; rm -f /opt/nextcloud-data/.puppet_install.lock ; test $_exit -lt 1 && true' returned 1 instead of one of [0]

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions