CVE-2018-1000060

Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b.

Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b.

The sensu rubygem prior to version 1.2.0 contains a CWE-522 (Insufficiently Protected Credentials) flaw that can result in sensitive configuration data (e.g. passwords) being logged in clear-text. Users are advised to upgrade to rubygem version 1.2.1 or later.

Sensu, Inc. Sensu Core, en versiones anteriores a la 1.2.0 antes del commit con ID 46ff10023e8cbf1b6978838f47c51b20b98fe30b, contiene una vulnerabilidad CWE-522 en Sensu::Utilities.redact_sensitive() que puede resultar en que los datos sensibles de configuración (por ejemplo, las contraseñas) podrían registrarse en texto claro. Este ataque parece ser explotable mediante víctimas con configuraciones que coincidan con un patrón en concreto que observen qué datos sensibles se están enviando en sus archivos de registro de servicio. Parece ser que la vulnerabilidad se ha solucionado en la versión 1.2.1 y siguientes, tras el commit con ID 46ff10023e8cbf1b6978838f47c51b20b98fe30b.