Bug Description
I see my email account password in the notifier container logs.
Steps To Reproduce
Expected Behavior
I wouldn't want my email account password to appear in the logs.
Actual Behavior
I was setting up email notifications. After several unsuccessful attempts, I went to look at the notification container logs and found two lines containing mail server connection settings. One line contains a password in cleartext, which could be a vulnerability if an attacker gains access to the logs. Furthermore, there are two lines in a row: one contains the password in cleartext, the other is masked.
Screenshots/Logs
{"level":"info","delay":"7.985761ms","audit":true,"args":{"name":"test","type":"email","skip_check":true,"Config":{"Email":{"from":"test@test.ru","server":"smtp.test.ru:456","auth_type":1,"username":"test@test.ru","password":"SecretPassword","use_tls":true,"insecure":true}}},"result":{"id":"a9d30da5-5d00-4ef6-8ec5-ca1a21aa8a5a"},"correlation_id":"b697699f-4bb7-4473-a570-92b596f90d6f","time":"2025-12-22T12:48:08.03004371Z","caller":"integration_logging.go:26","message":"Called IntegrationControllerServer.Create"}
{"level":"info","delay":"62.524207ms","args":{"type":"email","id":"a9d30da5-5d00-4ef6-8ec5-ca1a21aa8a5a"},"result":{"id":"a9d30da5-5d00-4ef6-8ec5-ca1a21aa8a5a","name":"test","type":"email","Config":{"Email":{"from":"test@test.ru","server":"smtp.test.ru:456","auth_type":1,"username":"test@test.ru","password":"********","use_tls":true,"insecure":true}}},"correlation_id":"42a6465f-4966-4bd6-a0d5-29fac8523824","time":"2025-12-22T12:48:08.10478751Z","caller":"integration_logging.go:41","message":"Called IntegrationControllerServer.Read"}
Severity
Low (minor visual issue, doesn't affect functionality)
Environment
No response
Additional Context
No response
Acknowledgement
Bug Description
I see my email account password in the notifier container logs.
Steps To Reproduce
Expected Behavior
I wouldn't want my email account password to appear in the logs.
Actual Behavior
I was setting up email notifications. After several unsuccessful attempts, I went to look at the notification container logs and found two lines containing mail server connection settings. One line contains a password in cleartext, which could be a vulnerability if an attacker gains access to the logs. Furthermore, there are two lines in a row: one contains the password in cleartext, the other is masked.
Screenshots/Logs
{"level":"info","delay":"7.985761ms","audit":true,"args":{"name":"test","type":"email","skip_check":true,"Config":{"Email":{"from":"test@test.ru","server":"smtp.test.ru:456","auth_type":1,"username":"test@test.ru","password":"SecretPassword","use_tls":true,"insecure":true}}},"result":{"id":"a9d30da5-5d00-4ef6-8ec5-ca1a21aa8a5a"},"correlation_id":"b697699f-4bb7-4473-a570-92b596f90d6f","time":"2025-12-22T12:48:08.03004371Z","caller":"integration_logging.go:26","message":"Called IntegrationControllerServer.Create"}
{"level":"info","delay":"62.524207ms","args":{"type":"email","id":"a9d30da5-5d00-4ef6-8ec5-ca1a21aa8a5a"},"result":{"id":"a9d30da5-5d00-4ef6-8ec5-ca1a21aa8a5a","name":"test","type":"email","Config":{"Email":{"from":"test@test.ru","server":"smtp.test.ru:456","auth_type":1,"username":"test@test.ru","password":"********","use_tls":true,"insecure":true}}},"correlation_id":"42a6465f-4966-4bd6-a0d5-29fac8523824","time":"2025-12-22T12:48:08.10478751Z","caller":"integration_logging.go:41","message":"Called IntegrationControllerServer.Read"}
Severity
Low (minor visual issue, doesn't affect functionality)
Environment
No response
Additional Context
No response
Acknowledgement