IBM Cloud Private installer log contains sensitive information
CVEID: CVE-2019-4116 DESCRIPTION: IBM Cloud Private could disclose highly sensitive information in installer logs that could be use for further attacks against the system.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158115> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
IBM Cloud Private 2.1.x, 3.1.0, 3.1.1
For IBM Cloud Private 2.1.x, 3.1.0 and 3.1.1, apply the following steps or upgrade to 3.1.2 or 3.2.0:
1. Remove all docker exited containers on boot node
docker rm $(docker ps -f status=exited)
2. Remove the logs from cluster/logs directory
rm -rf /path/to/cluster/logs/*
None