Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25033

Credentials metadata leaks

XMLWordPrintable

      doFillCredentialsIdItems in DockerBuilderNewTemplate, DockerBuilderControlOptionRun, DockerTemplate should do some kind of security check, probably

      if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
    return new ListBoxModel();
}

      (or something more specific if you have it) lest they expose credentials IDs and descriptions to anonymous users.

          [JENKINS-25033] Credentials metadata leaks

          Kanstantsin Shautsou added a comment -

          Do you have any example from other plugin that deal with credentials?

          Kanstantsin Shautsou added a comment - Do you have any example from other plugin that deal with credentials?

          Jesse Glick added a comment -

          Not sure, do not even remember filing this actually.

          Jesse Glick added a comment - Not sure, do not even remember filing this actually.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Nicolas De Loof
          Path:
          docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerCloud.java
          docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerRegistry.java
          docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerTemplateBase.java
          docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/builder/DockerBuilderNewTemplate.java
          http://jenkins-ci.org/commit/docker-plugin/84fa7fdeb705092bd1e807415d971d729f0c0364
          Log:
          JENKINS-25033 prevent credentials leak

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Nicolas De Loof Path: docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerCloud.java docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerRegistry.java docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerTemplateBase.java docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/builder/DockerBuilderNewTemplate.java http://jenkins-ci.org/commit/docker-plugin/84fa7fdeb705092bd1e807415d971d729f0c0364 Log: JENKINS-25033 prevent credentials leak

            ndeloof Nicolas De Loof
            jglick Jesse Glick
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: