[JENKINS-56865] Password to access InfluxDB is stored unencrypted on disk

Type: Improvement
Resolution: Fixed
Priority: Minor
Component/s: influxdb-plugin
Labels:
None
Environment:
Version 1.20.4, Jenkins 2.170

Similar Issues:
Powered by SuggestiMate

Show
Released As:
1.22

When configuring the plugin on "Configure System", the username and password are typed directly in a field - see attached screen shot.

When saving, the user/password to access InfluxDB are saved in jenkinsci.plugins.influxdb.InfluxDbPublisher.xml unencrypted.

This plugin should make use of Jenkins credentials, and have a dropbox here to select the correct username/password credentials.

This is a security issue in my opinion and needs to be fixed ASAP.
Thanks.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Screen Shot 2019-04-03 at 11.22.52.png
17 kB
2019-04-03 14:23

Aleksi Simell added a comment - 2019-04-04 04:47

You're absolutely true. It should use Jenkins credentials instead. I'll see what I can do.

Aleksi Simell added a comment - 2019-04-04 04:47 You're absolutely true. It should use Jenkins credentials instead. I'll see what I can do.

Aleksi Simell added a comment - 2019-06-03 06:43

Fix was done and released in version 1.22.

In the future, please submit security related issues to SECURITY project as informed in https://jenkins.io/security/.

Aleksi Simell added a comment - 2019-06-03 06:43 Fix was done and released in version 1.22. In the future, please submit security related issues to SECURITY project as informed in https://jenkins.io/security/ .

An Nguyen added a comment - 2019-07-12 09:58

Do we have a ticket for making this plugin uses Jenkins credentials instead?

An Nguyen added a comment - 2019-07-12 09:58 Do we have a ticket for making this plugin uses Jenkins credentials instead?

Assignee:: Aleksi Simell

Reporter:: Michel Zanini

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2019-04-03 14:25

Updated:: 2019-07-12 09:58

Resolved:: 2019-06-03 06:43

Details

Description

Attachments

Attachments

Activity

Collapse comment: Aleksi Simell added a comment - 2019-04-04 04:47

Expand comment: Aleksi Simell added a comment - 2019-04-04 04:47

Collapse comment: Aleksi Simell added a comment - 2019-06-03 06:43

Expand comment: Aleksi Simell added a comment - 2019-06-03 06:43

Collapse comment: An Nguyen added a comment - 2019-07-12 09:58

Expand comment: An Nguyen added a comment - 2019-07-12 09:58

People

Dates