
Clear text API tokens in webapp and apache httpd logs

High
amousset published GHSA-35xg-w54w-757j Sep 6, 2023

Package: rudder-server (rudder)
Affected versions: >= 7.3.0, < 7.3.5; < 7.2.10
Patched versions: 7.3.5; 7.2.10

Package: rudder-webapp (rudder)
Affected versions: *
Patched versions: None

Description

Impact

When modifying an API account on the dedicated page, the token can be written in clear text to the web application log file (/var/log/rudder/webapp/), depending on the logging configuration:

INFO  net.liftweb.util.TimeHelpers - Service request (POST) /rudder/secure/apiaccounts/kk9Ld5eLtnOnaQ33RkdgUgxMjsPo7oP3 returned 200, took 61 Milliseconds

It also appears in the apache httpd logs with the default configuration (/var/log/rudder/apache2):

"POST /rudder/secure/apiaccounts/kk9Ld5eLtnOnaQ33RkdgUgxMjsPo7oP3 HTTP/1.1" 200 328 "https://rudder.example.com/rudder/secure/administration/apiManagement?" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0" 

Locally, these files are only readable by privileged users, but the token may be exposed if some of these logs are forwarded to a remote system.
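The two log lines above both carry the token as the last path segment of /rudder/secure/apiaccounts/. The following is an added example, not code from the advisory or from Rudder: a small filter a log forwarder or a one-off audit could run over existing webapp and apache2 log files to find leaked tokens and redact them before they leave the host. The sample lines are constructed from the formats quoted above, and the assumption that a token segment contains no whitespace, slash, '?' or quote is mine.

```python
import re
from typing import Iterable

# Path shown in the advisory with the API token as its final segment.
# Assumption: the token segment contains no whitespace, '/', '?' or '"'.
TOKEN_PATH = re.compile(r'(/rudder/secure/apiaccounts/)([^\s/?"]+)')

# Constructed sample lines modelled on the webapp and apache2 formats above.
SAMPLE_LINES = [
    "INFO  net.liftweb.util.TimeHelpers - Service request (POST) "
    "/rudder/secure/apiaccounts/kk9Ld5eLtnOnaQ33RkdgUgxMjsPo7oP3 "
    "returned 200, took 61 Milliseconds",
    '"POST /rudder/secure/apiaccounts/kk9Ld5eLtnOnaQ33RkdgUgxMjsPo7oP3 '
    'HTTP/1.1" 200 328 '
    '"https://rudder.example.com/rudder/secure/administration/apiManagement?" '
    '"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"',
    # A normal request to the API management page: no token in the path.
    '"GET /rudder/secure/administration/apiManagement HTTP/1.1" 200 1024 "-" '
    '"Mozilla/5.0"',
]


def redact_line(line: str) -> tuple[str, int]:
    """Replace any token in an apiaccounts path; return (line, replacements)."""
    return TOKEN_PATH.subn(r"\1<REDACTED>", line)


def scan_log(lines: Iterable[str]) -> list[tuple[int, str]]:
    """Return (1-based line number, redacted line) for each line that leaked a token."""
    hits = []
    for number, line in enumerate(lines, start=1):
        redacted, count = redact_line(line)
        if count:
            hits.append((number, redacted))
    return hits


if __name__ == "__main__":
    # Audit the constructed sample; on a real host feed the two log files instead.
    for number, redacted in scan_log(SAMPLE_LINES):
        print(f"line {number}: {redacted}")
```

Running the filter in place of the raw log stream keeps the token out of any remote log collector; the returned line numbers point at the entries that should be treated as having exposed a token and trigger a rotation of that API account.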

Patches

Workarounds

References

Severity

High


CVSS v3 base metrics

Attack vector
Local
Attack complexity
Low
Privileges required
High
User interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CVE ID

No known CVE

Weaknesses