Details
-
Bug
-
Resolution: Tracked Elsewhere
-
Medium
-
None
-
7.4.0
-
None
-
1
-
Severity 2 - Major
-
Description
Problem
While running Confluence from docker, if the ATL_JDBC_PASSWORD command is used in the docker/docker-compose commands, the value of the password is not sanitised in the support zip created from the instance. This is also true for other custom values such as JKS_PASS etc, where if password value is passed, it is presented without being sanitised.
Environment
7.4.0 Confluence using docker.
Steps to Reproduce
- Create a docker instance of Confluence using steps from https://hub.docker.com/r/atlassian/confluence-server/
- Ensure to pass ATL_JDBC_USER and ATL_JDBC_PASSWORD commands along with ATL_JDBC_URL and ATL_DB_TYPE so that these values need not be specified during database creation.
- Start the instance.
- Extract support zip from the instance, once it starts running.
Expected Results
The password information specified under ATL_JDBC_PASSWORD should be sanitised along with any other password information.
Actual Results
Password is not sanitised.
Workaround
No workaround at this time
Notes
Attachments
Issue Links
- mentioned in
-
Page Loading...