Verify if the dbtree password exposed in Gerrit is still in use
Closed, ResolvedPublicSecurity
Actions

Assigned To

Authored By

	valerio.bozzolan
	Apr 21 2021, 3:56 PM

Description

Hello everyone!

After reading T96499 I noticed this public link:

It seems that kind of stuff that should not be exposed. Isn't it?

We should:

double-check if that password was already changed (see below comment: T280812#7024905)
add a comment in Gerrit to avoid to re-open this twice (done: https://w.wiki/3Dcy)

Really apologies if you already know. Maybe @Springle can help us.

Thank you so much for your time! Cheers! 💌

Mentioned Here: T96499: dbtree loads third party resources (from google.com/jsapi)

sbassett triaged this task as High priority.Apr 21 2021, 4:20 PM

sbassett moved this task from Incoming to Watching on the Security-Team board.

sbassett added a project: DBA.

sbassett added a subscriber: Reedy.

That user no longer exists.

The current user and the current password are different from that one.

sbassett closed this task as Resolved.Apr 21 2021, 4:42 PM

sbassett assigned this task to • Marostegui.

sbassett moved this task from Triage to Done on the DBA board.

sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".

sbassett changed the edit policy from "Custom Policy" to "All Users".