No components marked as affected
Resolved
Updated the docs with a message that debug logs may leak credentials.
https://github.com/cognitedata/cognite-sdk-python/pull/1810
Working on a fix upstream.
Identified
The engineering team is currently working with the authors of requests-oauthlib to improve the security of their debug logging. A pull request has been drafted and discussions are ongoing. See details here: https://github.com/requests/requests-oauthlib/pull/539
Identified
Cognite have identified a security issue in one of the dependencies of the cognite-sdk-python package, namely requests_oauthlib. This issue causes authorization headers to be logged when the library is configured to log at the DEBUG level. We are currently pursuing ways to address this in the SDK. In the meantime we would strongly urge any clients to review their log level settings, and ensure that the requests_oauthlib logger is set to level INFO or higher so that its DEBUG statements are not emitted.
If you continue using DEBUG-level logging, we recommend limiting access to logs until tokens/credentials have expired.
NOTE: the DEBUG logging for requests_oauthlib is a feature and not considered a security flaw, but Cognite wanted to post this notification to bring awareness to the users of our SDK.
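As an added illustration (not Cognite's or the SDK's code), the Python script below checks whether the requests_oauthlib logger would emit DEBUG records, pins it to INFO as the notice advises, and attaches a redacting filter as defense in depth; the package logger name and the shape of the Authorization value it scrubs are assumptions.

```python
import logging
import re

# requests_oauthlib modules log under this name (assumed package logger naming).
OAUTHLIB_LOGGER = "requests_oauthlib"

# Constructed pattern: Authorization values as a header line or inside a dict repr.
_AUTH_RE = re.compile(
    r"(['\"]?Authorization['\"]?\s*[:=]\s*['\"]?)(Bearer|Basic)\s+[^\s'\"},]+",
    re.IGNORECASE)

def enable_verbose_root_logging() -> None:
    """Weak setting: DEBUG on the root logger, inherited by every library logger
    that has no level of its own, requests_oauthlib included."""
    logging.basicConfig(level=logging.DEBUG, force=True)

def oauthlib_debug_enabled() -> bool:
    """Audit check: would requests_oauthlib DEBUG records actually be emitted?"""
    return logging.getLogger(OAUTHLIB_LOGGER).isEnabledFor(logging.DEBUG)

def harden_oauthlib_logging(level: int = logging.INFO) -> None:
    """The notice's mitigation: pin the library's logger to INFO or higher so
    it stays quiet even while the rest of the application logs at DEBUG."""
    logging.getLogger(OAUTHLIB_LOGGER).setLevel(level)

def redact(text: str) -> str:
    """Replace the token part of any Authorization value in log text."""
    return _AUTH_RE.sub(r"\1\2 [REDACTED]", text)

class RedactAuthorization(logging.Filter):
    """Defense in depth (added here, not in the notice): scrub tokens from each
    record before a handler writes it, in case DEBUG gets re-enabled later."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, record.args = redact(record.getMessage()), ()
        return True

def install_redaction() -> None:
    """Filters on handlers (not loggers) also catch records propagated from children."""
    for handler in logging.getLogger().handlers:
        handler.addFilter(RedactAuthorization())

if __name__ == "__main__":
    enable_verbose_root_logging()
    print("leak possible:", oauthlib_debug_enabled())  # True: weak config
    harden_oauthlib_logging()
    install_redaction()
    print("leak possible:", oauthlib_debug_enabled())  # False: hardened
    # Constructed message in the shape of a request-debug line; token is scrubbed.
    logging.getLogger(OAUTHLIB_LOGGER).warning(
        "Supplying headers %s", {"Authorization": "Bearer eyJ.constructed.token"})
```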