[JENKINS-25034] Credentials metadata leak in Hypervisor

Type: Bug
Resolution: Fixed
Priority: Blocker
Component/s: libvirt-slave-plugin
Labels:
- credentials
- security

Similar Issues:
Powered by SuggestiMate

Show
Released As:
https://github.com/jenkinsci/libvirt-slave-plugin/commit/a14e4387f9cbddb86db1eb55985ff74502e926dc

Hypervisor.DescriptorImpl.doFillCredentialsIdItems should have a permissions check lest it expose credentials IDs and descriptions to anonymous users. Check ssh-slaves-plugin for suggestions.

Jesse Glick created issue - 2014-10-07 21:26

Jesse Glick made changes - 2014-10-07 21:30

Link

New: This issue is blocking SECURITY-158 [ SECURITY-158 ]

G. Kr. made changes - 2015-10-05 22:21

Assignee

Original: Philipp Bartsch [ tastybug ]

New: G. Kr. [ gkr ]

R. Tyler Croy made changes - 2016-07-25 23:51

Workflow

Original: JNJira [ 158934 ]

New: JNJira + In-Review [ 179798 ]

Bastian Germann made changes - 2020-07-03 13:40

Assignee

Original: G. Kr. [ gkr ]

New: Bastian Germann [ bgermann ]

Bastian Germann made changes - 2020-07-03 13:45

Released As		New: https://github.com/jenkinsci/libvirt-slave-plugin/commit/a14e4387f9cbddb86db1eb55985ff74502e926dc
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Fixed but Unreleased [ 10203 ]

Bastian Germann made changes - 2020-07-06 18:11

Status

Original: Fixed but Unreleased [ 10203 ]

New: Resolved [ 5 ]

Bastian Germann made changes - 2020-09-29 12:59

Status

Original: Resolved [ 5 ]

New: Closed [ 6 ]

Assignee:: Bastian Germann

Reporter:: Jesse Glick

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2014-10-07 21:26

Updated:: 2020-09-29 12:59

Resolved:: 2020-07-03 13:45

Jenkins

Details

Description

Attachments

Activity

People

Dates