Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] [Dolphin] Printing plaintext passwords in process environment variables #16628

Open
2 of 3 tasks
licanxue opened this issue Sep 19, 2024 · 3 comments
Open
2 of 3 tasks

[Question] [Dolphin] Printing plaintext passwords in process environment variables #16628

licanxue opened this issue Sep 19, 2024 · 3 comments
Labels
question Further information is requested

Comments

@licanxue
Copy link

licanxue commented Sep 19, 2024
edited
Loading

Search before asking

  • I had searched in the issues and found no similar issues.

What happened

Printing plaintext passwords in process environment variables

What you expected to happen

no passwords showing in process environment variables

How to reproduce

Anything else

No response

Version

dev

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Code of Conduct
@licanxue licanxue added bug Something isn't working Waiting for reply Waiting for reply labels Sep 19, 2024
@SbloodyS
Copy link
Member

Can you elaborate your issue? I don't quite understand what this is.

@SbloodyS SbloodyS added Waiting for user feedback Waiting for feedback from issue/PR author and removed Waiting for reply Waiting for reply labels Sep 19, 2024
@licanxue
Copy link
Author

We used DolphinScheduler as a scheduling tool in our project, and during our security testing we found that we executed the ‘ps -ef‘ command to query Dolphin's process on the machine where DolphinScheduler was installed, and then we viewed the process by the command ‘cat /proc/procId/environ‘ environment variable information, in which the password is shown in clear text, it is determined to be a security issue, may I ask how to fix it?

@SbloodyS
Copy link
Member

I don't think this is a cve since most open source tools store the account password in plain text in the service's configuration file.

@SbloodyS SbloodyS added question Further information is requested and removed bug Something isn't working Waiting for user feedback Waiting for feedback from issue/PR author labels Sep 19, 2024
@SbloodyS SbloodyS changed the title [Bug] [Dolphin] Printing plaintext passwords in process environment variables [Question] [Dolphin] Printing plaintext passwords in process environment variables Sep 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SbloodyS @licanxue