Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-2849

SCP plugin v 1.5.2 stores clear text passwords and passphrases

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: scp-plugin
    • Labels:
    • Environment:
      Platform: All, OS: All
    • Similar Issues:

      Description

      The current version 1.5.2 of the SCP plugin hides the password during entry in
      the user interface, but stores the password or passphrase in clear text in the
      plugin configuration file. This is a security risk. The password should be
      stored in an encrypted format and only decrypted when a file transfer is being
      performed.

        Attachments

          Activity

          Show
          danielbeck Daniel Beck added a comment - We announced this vulnerability in https://jenkins.io/security/advisory/2017-10-23/#scp-publisher-plugin-stores-credentials-unencrypted-on-disk-round-trips-in-unencrypted-form

            People

            Assignee:
            ramazanyich2 ramazanyich2
            Reporter:
            jorshali jorshali
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: