From 9cccc9f0cdbd4e17258d019bdc7f29e13f8dd2aa Mon Sep 17 00:00:00 2001
From: David Moreau Simard
Date: Thu, 4 Feb 2021 15:17:43 -0500
Subject: [PATCH] docker swarm - Add no_log to the signing_ca_key argument (#1728)

This will prevent accidental disclosure. See: CVE-2021-20191
---
 changelogs/fragments/CVE-2021-20191_no_log_docker.yml | 2 ++
 plugins/modules/cloud/docker/docker_swarm.py | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/CVE-2021-20191_no_log_docker.yml
diff --git a/changelogs/fragments/CVE-2021-20191_no_log_docker.yml b/changelogs/fragments/CVE-2021-20191_no_log_docker.yml
new file mode 100644
index 0000000000..a5218324e3
--- /dev/null
+++ b/changelogs/fragments/CVE-2021-20191_no_log_docker.yml
@@ -0,0 +1,2 @@
+security_fixes:
+ - docker_swarm - enabled ``no_log`` for the option ``signing_ca_key`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1728).
diff --git a/plugins/modules/cloud/docker/docker_swarm.py b/plugins/modules/cloud/docker/docker_swarm.py
index 687313c9c6..52f37643b6 100644
--- a/plugins/modules/cloud/docker/docker_swarm.py
+++ b/plugins/modules/cloud/docker/docker_swarm.py
@@ -616,7 +616,7 @@ def main():
 name=dict(type='str'),
 labels=dict(type='dict'),
 signing_ca_cert=dict(type='str'),
- signing_ca_key=dict(type='str'),
+ signing_ca_key=dict(type='str', no_log=True),
 ca_force_rotate=dict(type='int'),
 autolock_managers=dict(type='bool'),
 node_id=dict(type='str'),
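Review bot: The `no_log=True` on `signing_ca_key` covers one entry of the argument spec in `main()`, and the rest of the spec lies outside this hunk, so it cannot be seen here whether other secret-bearing options (the module's `join_token`, for example) are masked the same way; they should be audited in this change rather than one CVE at a time. The flag only affects runs after the upgrade, so a CA key already passed through this module may sit in existing syslog or job output and should be treated as disclosed and rotated. A short comment on the changed line would keep the flag from being dropped in a later refactor, e.g. `# private key material: must stay no_log`.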