Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-15194

cbcollect_info couchbase.log leaks CB_REST_USERNAME CB_REST_PASSWORD

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Fix
    • Critical
    • 4.0.0
    • 3.0, 3.0.1, 3.0.2, 3.0.3, 4.0.0
    • ns_server
    • Security Level: Public
    • Untriaged
    • Unknown

    Description

      The couchbase CLI and cbbackup/transfer/restore can use ENV Variables for username and password (added with MB-10268)

      Unfortunately these are also picked up and recorded in plain text with cb_collect in the couchbase.log

      ...
      Processes' environment
      (pgrep beam.smp; pgrep memcached) | xargs -n1 – sh -c 'echo $1; ( cat /proc/$1/environ | tr
      0
      n ); echo' –

      ....

      SHELL=/bin/bash
      CB_REST_USERNAME=root
      CB_REST_PASSWORD=password

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. MB-10268 couchbase-cli - Arguments with sensitive values

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              djp Don Pinto [X] (Inactive)
              ianmccloy Ian McCloy (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty