Outage in Cognite Service

Python SDK: Potential leak of auth headers with DEBUG log level due to use of requests_oauthlib

Resolved Minor
April 03, 2024 - Started 4 months ago - Lasted 3 months


Outage Details

Cognite have identified a security issue in one of the dependencies of the cognite-sdk-python package, namely requests_oauthlib. This issue causes authorization headers to be logged when the library is configured to log at the DEBUG level. We are currently pursuing ways to address this in the SDK. In the meantime we would strongly urge any clients to review their log level settings, and ensure that log statements from requests_oauthlib are logged at level INFO or higher. If you continue using DEBUG-level logging, we recommend limiting access to logs until tokens/credentials have expired. NOTE: the DEBUG logging for requests_oauthlib is a feature and not considered a security flaw, but Cognite wanted to post this notification to bring awareness to the users of our SDK.
Latest Updates (sorted most recent first)
IDENTIFIED 4 months ago - at 04/09/2024 12:44PM

The engineering team is currently working with the authors of requests-oauthlib to improve the security of its debug logging. A pull request has been drafted and discussions are ongoing. See details here: https://github.com/requests/requests-oauthlib/pull/539

IDENTIFIED 4 months ago - at 04/03/2024 11:57AM

Cognite have identified a security issue in one of the dependencies of the cognite-sdk-python package, namely requests_oauthlib. This issue causes authorization headers to be logged when the library is configured to log at the DEBUG level. We are currently pursuing ways to address this in the SDK. In the meantime we would strongly urge any clients to review their log level settings, and ensure that log statements from requests_oauthlib are logged at level INFO or higher.

If you continue using DEBUG-level logging, we recommend limiting access to logs until tokens/credentials have expired.

NOTE: the DEBUG logging for requests_oauthlib is a feature and not considered a security flaw, but Cognite wanted to post this notification to bring awareness to the users of our SDK.
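The mitigation the notice recommends, as an added example that is neither Cognite SDK code nor requests-oauthlib code: pin the requests_oauthlib logger to INFO or higher, and add a handler-side filter that redacts Authorization values as defence in depth in case DEBUG is re-enabled later. The log message text, the logger names below the requests_oauthlib parent and the bearer token are constructed for the demonstration and are not the library's actual output.

```python
import logging
import re

# requests_oauthlib modules log via logging.getLogger(__name__); this is their parent logger.
OAUTHLIB_LOGGER = "requests_oauthlib"

# Constructed pattern: "Authorization" (quoted or bare, ':' or '=') plus the value after it,
# stopping at a quote, comma, brace or line break.
_AUTH_RE = re.compile(r"(['\"]?Authorization['\"]?\s*[:=]\s*['\"]?)([^'\",}\r\n]+)", re.I)


class RedactAuthFilter(logging.Filter):
    """Rewrite Authorization values to a placeholder before a handler emits the record.
    Attach to handlers, not loggers: logger filters do not see records propagated from children."""

    def filter(self, record: logging.LogRecord) -> bool:
        msg = record.getMessage()
        redacted = _AUTH_RE.sub(r"\1[REDACTED]", msg)
        if redacted != msg:
            record.msg, record.args = redacted, ()  # message is already rendered; drop args
        return True


def harden_oauthlib_logging(level: int = logging.INFO) -> None:
    """Advisory mitigation (INFO or higher) plus redaction on every root handler."""
    logging.getLogger(OAUTHLIB_LOGGER).setLevel(level)
    for handler in logging.getLogger().handlers:
        if not any(isinstance(f, RedactAuthFilter) for f in handler.filters):
            handler.addFilter(RedactAuthFilter())


def simulate_header_dump(level: int) -> list[str]:
    """Log a constructed header dump (shaped like, not copied from, the library's DEBUG output)
    from a child logger while the parent sits at `level`; return what a redacting handler received."""
    lines: list[str] = []

    class ListHandler(logging.Handler):
        def emit(self, record: logging.LogRecord) -> None:
            lines.append(self.format(record))

    handler = ListHandler()
    handler.addFilter(RedactAuthFilter())
    parent = logging.getLogger(OAUTHLIB_LOGGER)
    parent.handlers.clear()
    parent.addHandler(handler)
    parent.propagate = False  # keep the demo off the root logger
    parent.setLevel(level)
    child = logging.getLogger(OAUTHLIB_LOGGER + ".oauth2_session")  # constructed child name
    child.debug("Supplying headers %s and data %s",
                {"Authorization": "Bearer eyJ.constructed.token"}, None)  # constructed token
    child.info("Requesting url %s using method %s.", "https://example.invalid/v1", "GET")
    return lines
```

At INFO (20) the DEBUG record never reaches the handler; at DEBUG (10) it does, but the filter replaces the token with [REDACTED] before it is written.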
