New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Information disclosure when using private file repos #11958

Closed

bbaassssiiee opened this issue Feb 7, 2025 · 0 comments · Fixed by #11959

Contributor

bbaassssiiee commented Feb 7, 2025 •

edited

Loading

As mentioned in issue #10294 this task can expose username and password if the credentials to the private repo are url-encoded.

  - name: Download_file | Show url of file to download
    debug:
      msg: "{{ download.url }}"
    run_once: "{{ download_run_once }}"

It would be better to amend the task with:

   when: unsafe_show_logs | bool

The text was updated successfully, but these errors were encountered:

bbaassssiiee mentioned this issue

Fix information disclosure #11959

Merged

k8s-ci-robot closed this as completed in #11959

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment