Description:
Summary
The ApiServer.handleRequest() method logs all API request parameters at TRACE level without sanitizing sensitive credentials, leading to exposure of passwords, secret keys, and authentication tokens in log files.
Vulnerability Details
Location
- File: server/src/main/java/com/cloud/api/ApiServer.java
- Method: handleRequest()
- Specific Line:
    logger.trace(" key: " + keyStr + ", value: " + ((value == null) ? "'null'" : value[0]));
Issue Description
When a command is missing or during request processing, the method emits every request parameter and its value at TRACE log level without any sanitization. This includes sensitive fields such as:
- password (e.g., from DefaultResetPasswordAPIAuthenticatorCmd and other authentication commands)
- secretkey (API secret keys)
- apikey (API keys)
- Authentication tokens
- Any other caller-supplied credentials
Impact: All sensitive credentials passed through API requests are logged in plaintext, making them accessible through:
- Log files on disk
- Centralized logging systems
- Log aggregation platforms
- System monitoring tools
Recommended Fix
Mask Sensitive Fields Before Logging
Use existing utility methods to sanitize parameters before logging:
    import java.util.Arrays;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;

    // Use StringUtils.cleanString() combined with explicit field scrubbing
    // Work on a copy so the request parameters themselves are not modified
    Map<String, Object> sanitizedParams = new HashMap<>(params);
    List<String> sensitiveFields = Arrays.asList("password", "secretkey", "apikey", "token", "sessionkey");
    for (String field : sensitiveFields) {
        if (sanitizedParams.containsKey(field)) {
            sanitizedParams.put(field, "******");
        }
    }
    // Log sanitized parameters (same logger instance as the flagged trace line)
    logger.trace("Request parameters: {}", sanitizedParams);
References
cloudstack/server/src/main/java/com/cloud/api/ApiServer.java, line 630 in dbda673