Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-35503

Slack plugin reveals integration token

    XMLWordPrintable

Details

    Description

      The Slack plugin reveals the integration token in the global configuration. In environments when many people have access to view the global configuration, this presents a security vulnerability since the token appears to give access to quite a bit of the Slack instance (though it's not entirely clear where that's configured).

      Attachments

        Issue Links

          Activity

            dom Dominic Hargreaves created issue -
            dom Dominic Hargreaves made changes -
            Field Original Value New Value
            Description The Slack plugin reveals the integration token in the global configuration. In environments when many people have access to view the global configuration, this presents a security vulnerability since the token gives access to the The Slack plugin reveals the integration token in the global configuration. In environments when many people have access to view the global configuration, this presents a security vulnerability since the token appears to give access to quite a bit of the Slack instance (though it's not entirely clear where that's configured).
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 171807 ] JNJira + In-Review [ 184485 ]
            jglick Jesse Glick made changes -
            Labels security
            jglick Jesse Glick made changes -
            Priority Minor [ 4 ] Critical [ 2 ]
            kmadel Kurt Madel made changes -
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Resolved [ 5 ]
            kmadel Kurt Madel made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            cloudbees CloudBees Inc. made changes -
            Remote Link This issue links to "CloudBees Internal OSS-1367 (Web Link)" [ 18727 ]

            People

              kmadel Kurt Madel
              dom Dominic Hargreaves
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: