Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

Log In
Closed

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: ssh-credentials-plugin
Labels:
- issue-exported-to-github
- security
Environment:
Credentials plugin version 1.18 on Jenkins 1.580.3 on ubuntu 14.04 LTS

The credentials.xml file holds a plaintext copy of the credentials stored via Jenkins. On a fresh install of Jenkins, this file has world readable permissions by default:

$ ls -l /var/lib/jenkins/credentials.xml
~~rw-r~~r- 1 jenkins jenkins 2863 Feb 12 19:00 /var/lib/jenkins/credentials.xml

It should have at least group readable permissions only.

Assignee:: Stephen Connolly
Reporter:: William Hutson

Created:: 2015-02-12 19:51
Updated:: 1 week ago 20:00
Resolved:: 2015-10-12 12:40
Archived:: 1 week ago 20:00

Details

Description

Attachments

Activity

People

Dates