From fa2d2d6971d668f82207dd3e265820fdb4b0048d Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Tue, 12 Jan 2021 12:08:03 +0100
Subject: [PATCH] snmp_facts: Hide user sensitive information in console (#1621) (#1623)

**SECURITY** - CVE-2021-20178
Hide user sensitive information like `privkey` and `authkey` while logging in console.
Signed-off-by: Abhijeet Kasurde
(cherry picked from commit 3560aeb12f7061bf21d63ca0e1e19feb99c57de3)
Co-authored-by: Abhijeet Kasurde
---
 changelogs/fragments/snmp_facts.yml | 2 ++
 plugins/modules/net_tools/snmp_facts.py | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/snmp_facts.yml

diff --git a/changelogs/fragments/snmp_facts.yml b/changelogs/fragments/snmp_facts.yml
new file mode 100644
index 0000000000..09c5164b5e
--- /dev/null
+++ b/changelogs/fragments/snmp_facts.yml
@@ -0,0 +1,2 @@
+security_fixes:
+- 'snmp_facts - **CVE-2021-20178** - hide user sensitive information such as ``privkey`` and ``authkey`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1621).'
diff --git a/plugins/modules/net_tools/snmp_facts.py b/plugins/modules/net_tools/snmp_facts.py
index 752f253195..661db46060 100644
--- a/plugins/modules/net_tools/snmp_facts.py
+++ b/plugins/modules/net_tools/snmp_facts.py
@@ -269,8 +269,8 @@ def main():
 level=dict(type='str', choices=['authNoPriv', 'authPriv']),
 integrity=dict(type='str', choices=['md5', 'sha']),
 privacy=dict(type='str', choices=['aes', 'des']),
- authkey=dict(type='str'),
- privkey=dict(type='str'),
+ authkey=dict(type='str', no_log=True),
+ privkey=dict(type='str', no_log=True),
 ),
 required_together=(
 ['username', 'level', 'integrity', 'authkey'],
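Review bot: Coverage of the module's secret-bearing options cannot be confirmed from the `snmp_facts.py` hunk: only `authkey` and `privkey` gain `no_log=True`, and the argument spec in `main()` starts above the hunk and continues below it. If that spec also declares a v2/v2c community string, it is a shared credential and should be considered for the same `no_log=True`, keeping in mind that Ansible then masks every occurrence of that value in the module's returned data. The flag only stops future logging, so keys already written to syslog or job output by earlier releases remain there; the changelog entry could add `rotate any authkey/privkey that was used with earlier releases`. The diffstat lists no test file, so nothing would fail if a later edit dropped the flag from either entry.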