[JENKINS-26955] API token can be extracted from config page after save

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: ghprb-plugin
Labels:
Environment:
Jenkins 1.598
ghprb-plugin 1.16-8

Similar Issues:
Powered by SuggestiMate

Show

Hi everyone,

I've noticed that after I save API token at settings page, I can access the token under asterisk using browser's developer console. This is very insecure, token can be seen by anyone who has access to settings. I suspect GitHub shows token only once due to security risks as well.

There are no comments yet on this issue.

Assignee:: Unassigned

Reporter:: Dmitry P

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2015-02-13 16:11

Updated:: 2017-12-21 11:29

Jenkins

Details

Description

Attachments

Activity

People

Dates