[jira] [Created] (AMBARI-26555) Password leaked for configurations at stack root (e.g. cluster-env.xml)

YUBI LEE (Jira) Wed, 12 Nov 2025 17:23:25 -0800

YUBI LEE created AMBARI-26555:
---------------------------------

             Summary: Password leaked for configurations at stack root (e.g. 
cluster-env.xml)
                 Key: AMBARI-26555
                 URL: https://issues.apache.org/jira/browse/AMBARI-26555
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.7.9, 3.0.0
            Reporter: YUBI LEE
            Assignee: YUBI LEE



There is a mechanism that hides password for configurations with "PASSWORD" 
property type.
However, StackInfo#getConfigPropertiesType() method only handles configurations 
which belongs to specific service, not configurations on stack root.
For example, if you add some PASSWORD type configurations on cluster-env.xml, 
it will be leaked on http api.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (AMBARI-26555) Password leaked for configurations at stack root (e.g. cluster-env.xml)

Reply via email to