<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[GODRIVER-1086] Can leak creds through errors from URI Parsing</title>
                <link>https://jira.mongodb.org/browse/GODRIVER-1086</link>
                <project id="14289" key="GODRIVER">Go Driver</project>
                    <description>&lt;p&gt;When a URI parsing error is encountered, the parse function returns the URI (connection string) together with the parse error.  The error message itself also contains the URI that was passed to the parse function.  Downstream consumers of the driver are not necessarily aware of this implementation detail and may pass the error on further downstream.  Since the URI may contain sensitive information (passwords), these errors may inadvertently leak credentials.&lt;/p&gt;


&lt;p&gt;&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/blob/c2a43c080082db26ed2d6fb44026ce1d00a983a7/x/mongo/driver/connstring/connstring.go#L29&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/blob/c2a43c080082db26ed2d6fb44026ce1d00a983a7/x/mongo/driver/connstring/connstring.go#L29&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="774947">GODRIVER-1086</key>
            <summary>Can leak creds through errors from URI Parsing</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="2" iconUrl="https://jira.mongodb.org/images/icons/priorities/critical.svg">Critical - P2</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="isabella.siu@mongodb.com">Isabella Siu</assignee>
                                    <reporter username="scott.lhommedieu@mongodb.com">Scott L&apos;Hommedieu</reporter>
                        <labels>
                            <label>security</label>
                    </labels>
                <created>Wed, 22 May 2019 23:44:59 +0000</created>
                <updated>Sat, 28 Oct 2023 11:38:48 +0000</updated>
                            <resolved>Fri, 24 May 2019 19:20:14 +0000</resolved>
                                    <version>1.0.2</version>
                                    <fixVersion>1.0.3</fixVersion>
                                    <component>Error Handling</component>
                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="2259661" author="xgen-internal-githook" created="Fri, 24 May 2019 19:19:57 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;iwysiu&apos;, &apos;email&apos;: &apos;isabella.siu@10gen.com&apos;, &apos;username&apos;: &apos;iwysiu&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-1086&quot; title=&quot;Can leak creds through errors from URI Parsing&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-1086&quot;&gt;&lt;del&gt;GODRIVER-1086&lt;/del&gt;&lt;/a&gt; don&apos;t return the uri when parsing fails&lt;/p&gt;

&lt;p&gt;Change-Id: Ia7ce0035da57defa49359cb1c134d32507505210&lt;br/&gt;
Branch: release/1.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/674519381d201b166618c210ab349a4bba9bf8e5&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/674519381d201b166618c210ab349a4bba9bf8e5&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2259592" author="xgen-internal-githook" created="Fri, 24 May 2019 18:31:46 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;iwysiu&apos;, &apos;email&apos;: &apos;isabella.siu@10gen.com&apos;, &apos;username&apos;: &apos;iwysiu&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-1086&quot; title=&quot;Can leak creds through errors from URI Parsing&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-1086&quot;&gt;&lt;del&gt;GODRIVER-1086&lt;/del&gt;&lt;/a&gt; don&apos;t return the uri when parsing fails&lt;/p&gt;

&lt;p&gt;Change-Id: Ia7ce0035da57defa49359cb1c134d32507505210&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/5f844d7e6745921832a2eb469501e60c342189c0&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/5f844d7e6745921832a2eb469501e60c342189c0&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2259259" author="isabella.siu" created="Fri, 24 May 2019 14:51:40 +0000"  >&lt;p&gt;code review url: &lt;a href=&quot;https://review.gerrithub.io/c/mongodb/mongo-go-driver/+/455680&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://review.gerrithub.io/c/mongodb/mongo-go-driver/+/455680&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2258050" author="ian@10gen.com" created="Thu, 23 May 2019 16:27:29 +0000"  >&lt;p&gt;Audit for any other leaks of the URI string in error messages.&lt;/p&gt;</comment>
                            <comment id="2257287" author="jeff.yemin" created="Thu, 23 May 2019 00:16:23 +0000"  >&lt;p&gt;Note: because the URI parsing process of a &lt;tt&gt;mongodb+srv&lt;/tt&gt; URI involves looking up a TXT record in DNS, a perfectly fine URI from a syntax perspective can result in an error if the DNS lookup fails.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                        <issuelink>
            <issuekey id="777265">GODRIVER-1087</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10520">
                    <name>Problem/Incident</name>
                                            <outwardlinks description="causes">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr78fr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>