1. ansible
  2. Commit 75288a89d0053d6df35c90863fb6c9542d89850e
Browse code

Callback: removing args from task_fields from Sumologic and Splunk plugin(#63527) (#64748)

CVE-2019-14864 Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs

Fixes #63522

Signed-off-by: Patrick O’Brien <patrick.obrien@thetradedesk.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit c76e074e4c71c7621a1ca8159261c1959b5287af)

Matt Davis authored on 2019/11/13 10:03:31
Showing 3 changed files
changelogs/fragments/63522-remove-args-from-sumologic-and-splunk-callbacks.yml
History View file @ 75288a8
1 1 
new file mode 100644
... ... 
@@ -0,0 +1,2 @@
0 
+bugfixes:
1 
+  - '**security issue** - Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs (CVE-2019-14864)'
lib/ansible/plugins/callback/splunk.py
History View file @ 75288a8
... ... 
@@ -98,6 +98,9 @@ class SplunkHTTPCollectorSource(object):
98 98 
         else:
99 99 
             ansible_role = None
100 100
101 
+        if 'args' in result._task_fields:
102 
+            del result._task_fields['args']
103 
+
101 104 
         data = {}
102 105 
         data['uuid'] = result._task._uuid
103 106 
         data['session'] = self.session
lib/ansible/plugins/callback/sumologic.py
History View file @ 75288a8
... ... 
@@ -89,6 +89,9 @@ class SumologicHTTPCollectorSource(object):
89 89 
         else:
90 90 
             ansible_role = None
91 91
92 
+        if 'args' in result._task_fields:
93 
+            del result._task_fields['args']
94 
+
92 95 
         data = {}
93 96 
         data['uuid'] = result._task._uuid
94 97 
         data['session'] = self.session