4 matches found
GHSA-HCMV-JMQH-FJGM ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
Summary: The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in...
CVE-2024-41129 The ops library leaks secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processi...
CVE-2024-41129
The CVE-2024-41129 issue affects the ops library (Python framework used with Juju charms) where secret content can be passed as a CLI argument, potentially exposing secrets via subprocess.CalledProcessError logging. Connected Red Hat, Veracode, OSV, and CVE records confirm the root cause and indi...
CVE-2024-41129 The ops library leaks secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processi...