[JENKINS-33978] secret data is written to a file before it is secured.

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: core
Labels:
- 2.0
- 2.0-beta
- 2.0-planned

Similar Issues:
Powered by SuggestiMate

Show

not a security issue yet as it is only in a beta and the window of opportunity is really really really small

but the setup wizard writes an admin password to a file before it sets appropriate permissions on the file.

links to

SCM/JIRA link daemon added a comment - 2016-04-05 19:18

Code changed in jenkins
User: Daniel Beck
Path:
core/src/main/java/jenkins/install/SetupWizard.java
http://jenkins-ci.org/commit/jenkins/964e967ad98fbd5040ab75ff98f0cc8238bbd09a
Log:
Merge pull request #2203 from jenkinsci/jtnord-patch-1

[FIX JENKINS-33978] Set file permissions on the file before writing the secret

Compare: https://github.com/jenkinsci/jenkins/compare/37c00cf2aff0...964e967ad98f

SCM/JIRA link daemon added a comment - 2016-04-05 19:18 Code changed in jenkins User: Daniel Beck Path: core/src/main/java/jenkins/install/SetupWizard.java http://jenkins-ci.org/commit/jenkins/964e967ad98fbd5040ab75ff98f0cc8238bbd09a Log: Merge pull request #2203 from jenkinsci/jtnord-patch-1 [FIX JENKINS-33978] Set file permissions on the file before writing the secret Compare: https://github.com/jenkinsci/jenkins/compare/37c00cf2aff0...964e967ad98f

Assignee:: Unassigned

Reporter:: James Nord

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2016-04-01 10:51

Updated:: 2020-12-10 13:45

Resolved:: 2016-04-05 19:18

Details

Description

Attachments

Issue Links

Activity

Collapse comment: SCM/JIRA link daemon added a comment - 2016-04-05 19:18

Expand comment: SCM/JIRA link daemon added a comment - 2016-04-05 19:18

People

Dates