[JENKINS-2849] SCP plugin v 1.5.2 stores clear text passwords and passphrases - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Component/s: scp-plugin
Labels:
- security
Environment:
Platform: All, OS: All

Similar Issues:

Show

Description

The current version 1.5.2 of the SCP plugin hides the password during entry in
the user interface, but stores the password or passphrase in clear text in the
plugin configuration file. This is a security risk. The password should be
stored in an encrypted format and only decrypted when a file transfer is being
performed.

Attachments

Activity

Daniel Beck added a comment - 2017-12-05 20:55

We announced this vulnerability in https://jenkins.io/security/advisory/2017-10-23/#scp-publisher-plugin-stores-credentials-unencrypted-on-disk-round-trips-in-unencrypted-form

Daniel Beck added a comment - 2017-12-05 20:55 We announced this vulnerability in https://jenkins.io/security/advisory/2017-10-23/#scp-publisher-plugin-stores-credentials-unencrypted-on-disk-round-trips-in-unencrypted-form

People

Assignee:: ramazanyich2

Reporter:: jorshali

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2009-01-14 09:38

Updated:: 2018-08-28 08:14