In the past we've said that secrets logged by default (and this goes to ERROR level, so it qualifies) are vulnerabilities. See https://bugs.launchpad.net/ossa/+bug/1543402 for at least one discussion of that. That example was made public, but I think it was only because the information was already out there.
As for the fix, should we use oslo_utils.strutils.mask_password? The patterns it's currently using wouldn't match this case today, but they could (and probably should?) be updated to match.
In the past we've said that secrets logged by default (and this goes to ERROR level, so it qualifies) are vulnerabilities. See https:/ /bugs.launchpad .net/ossa/ +bug/1543402 for at least one discussion of that. That example was made public, but I think it was only because the information was already out there.
As for the fix, should we use oslo_utils. strutils. mask_password? The patterns it's currently using wouldn't match this case today, but they could (and probably should?) be updated to match.