[JENKINS-35503] Slack plugin reveals integration token - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Component/s: slack-plugin
Labels:
- security

Similar Issues:

Show

Description

The Slack plugin reveals the integration token in the global configuration. In environments when many people have access to view the global configuration, this presents a security vulnerability since the token appears to give access to quite a bit of the Slack instance (though it's not entirely clear where that's configured).

Attachments

Issue Links

links to

CloudBees Internal OSS-1367

Activity

People

Assignee:: Kurt Madel

Reporter:: Dominic Hargreaves

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2016-06-09 15:22

Updated:: 2017-12-05 05:46

Resolved:: 2016-11-19 14:48