[JENKINS-26955] API token can be extracted from config page after save

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: ghprb-plugin
Labels:
Environment:
Jenkins 1.598
ghprb-plugin 1.16-8

Similar Issues:
Powered by SuggestiMate

Show

Hi everyone,

I've noticed that after I save API token at settings page, I can access the token under asterisk using browser's developer console. This is very insecure, token can be seen by anyone who has access to settings. I suspect GitHub shows token only once due to security risks as well.

Dmitry P created issue - 2015-02-13 16:11

R. Tyler Croy made changes - 2016-07-25 23:51

Workflow

Original: JNJira [ 161142 ]

New: JNJira + In-Review [ 180584 ]

Honza Brázdil made changes - 2017-12-21 11:29

Assignee

Original: Honza Brázdil [ janinko ]

Assignee:: Unassigned

Reporter:: Dmitry P

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2015-02-13 16:11

Updated:: 2017-12-21 11:29

Jenkins

Details

Description

Attachments

Activity

People

Dates