Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
Description
The Slack plugin reveals the integration token in the global configuration. In environments when many people have access to view the global configuration, this presents a security vulnerability since the token appears to give access to quite a bit of the Slack instance (though it's not entirely clear where that's configured).
Attachments
Issue Links
- links to
Activity
Field | Original Value | New Value |
---|---|---|
Description | The Slack plugin reveals the integration token in the global configuration. In environments when many people have access to view the global configuration, this presents a security vulnerability since the token gives access to the | The Slack plugin reveals the integration token in the global configuration. In environments when many people have access to view the global configuration, this presents a security vulnerability since the token appears to give access to quite a bit of the Slack instance (though it's not entirely clear where that's configured). |
Workflow | JNJira [ 171807 ] | JNJira + In-Review [ 184485 ] |
Labels | security |
Priority | Minor [ 4 ] | Critical [ 2 ] |
Resolution | Fixed [ 1 ] | |
Status | Open [ 1 ] | Resolved [ 5 ] |
Status | Resolved [ 5 ] | Closed [ 6 ] |
Remote Link | This issue links to "CloudBees Internal OSS-1367 (Web Link)" [ 18727 ] |