  1. Appcelerator Studio
  2. TISTUD-8791

Diagnostic log: Sensitive environment variables included

    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: Release 4.9.0
    • Fix Version/s: Release 4.9.1
    • Component/s: Configuration
    • Labels:
      None
    • Story Points:
      8
    • Sprint:
      2017 Sprint 12 Studio

      Description

      User nitrag in tislack commented the below: https://ti-slack.slack.com/archives/C03CVLS0U/p1496944142547027

      Basically, Studio error reporting dumped a debug log which contained env vars, which supposedly led to the user's AWS account being compromised.

      PSA: Please check your submitted tickets on https://jira.appcelerator.org/issues/?filter=-2. Check that your attached logs do not include any sensitive information. For me, Appc Studio automatically dumped a debug log **containing all my pc’s bash environment variables** and the logs are wide open to the public WWW. Needless to say this was scraped by some scraping algorithm and my AWS account was hacked.
      

      We should ensure that any tickets reported through this means are private (and stay private when moved across projects).

      We should change the error reporting to avoid this.

            People

            • Assignee:
              kkolipaka Kondal Kolipaka (Inactive)
              Reporter:
              eharris Ewan Harris
              Reviewer:
              Prashanth Pedduri (Inactive)
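
One way to implement the change to error reporting proposed in the description, as an added example that is not part of the original ticket and not the fix shipped in Studio: a default-deny filter for the environment section of a diagnostic log. The allowlisted names, the secret patterns and the sample environment are assumptions constructed for illustration.

```python
import re

# Assumption: the variables a support engineer needs to debug a build problem.
SAFE_NAMES = {"PATH", "HOME", "SHELL", "LANG", "JAVA_HOME", "ANDROID_HOME", "HTTP_PROXY"}

# Value patterns that are redacted even under an allowlisted name.
SECRET_VALUE_PATTERNS = [
    re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),       # AWS access key ID format
    re.compile(r"://[^/\s:@]+:[^/\s@]+@"),              # credentials embedded in a URL
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),  # PEM private key header
]

REDACTED = "<redacted>"


def sanitize_env(env):
    """Return {name: value} that is safe to write into a diagnostic log.

    Default-deny: a value is kept only if its name is allowlisted and the
    value matches none of the secret patterns. Names are always kept so the
    log still shows which variables were set.
    """
    clean = {}
    for name, value in env.items():
        looks_secret = any(p.search(value) for p in SECRET_VALUE_PATTERNS)
        if name in SAFE_NAMES and not looks_secret:
            clean[name] = value
        else:
            clean[name] = REDACTED
    return clean


def format_env_section(env):
    """Render the environment section of the log, sorted for stable output."""
    clean = sanitize_env(env)
    return "\n".join(f"{name}={clean[name]}" for name in sorted(clean))


# Constructed sample environment; the AWS values are AWS's documentation examples.
SAMPLE_ENV = {
    "PATH": "/usr/local/bin:/usr/bin:/bin",
    "JAVA_HOME": "/usr/lib/jvm/java-8-openjdk",
    "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "HTTP_PROXY": "http://build:hunter2@proxy.example.invalid:3128",
}

if __name__ == "__main__":
    print(format_env_section(SAMPLE_ENV))
```

The allowlist does the real work here: the sample secret access key matches none of the patterns and is redacted only because its name is not allowlisted, which is why a pattern-only filter would have let it through.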