Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25033

Credentials metadata leaks

XMLWordPrintable

      doFillCredentialsIdItems in DockerBuilderNewTemplate, DockerBuilderControlOptionRun, DockerTemplate should do some kind of security check, probably

      if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
    return new ListBoxModel();
}

      (or something more specific if you have it) lest they expose credentials IDs and descriptions to anonymous users.

          [JENKINS-25033] Credentials metadata leaks

          Jesse Glick created issue -
          Jesse Glick made changes -
          Link New: This issue is blocking SECURITY-158 [ SECURITY-158 ]
          Kanstantsin Shautsou made changes -
          Assignee New: Kanstantsin Shautsou [ integer ]

          Kanstantsin Shautsou added a comment -

          Do you have any example from other plugin that deal with credentials?

          Kanstantsin Shautsou added a comment - Do you have any example from other plugin that deal with credentials?

          Jesse Glick added a comment -

          Not sure, do not even remember filing this actually.

          Jesse Glick added a comment - Not sure, do not even remember filing this actually.
          Kanstantsin Shautsou made changes -
          Assignee Original: Kanstantsin Shautsou [ integer ] New: magnayn [ magnayn ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 158933 ] New: JNJira + In-Review [ 179797 ]
          Nicolas De Loof made changes -
          Assignee Original: magnayn [ magnayn ] New: Nicolas De Loof [ ndeloof ]
          Nicolas De Loof made changes -
          Remote Link New: This issue links to "PR (Web Link)" [ 17671 ]
          Nicolas De Loof made changes -
          Comment [ https://github.com/jenkinsci/docker-plugin/pull/509 ]

            ndeloof Nicolas De Loof
            jglick Jesse Glick
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: