[JENKINS-70168] Generate random secret for agent connection

Type: Improvement
Resolution: Unresolved
Priority: Minor
Component/s: core
Labels:
- agents
- security

Similar Issues:
Powered by SuggestiMate

Show

Context

It was reported as https://issues.jenkins.io/browse/SECURITY-2425, but considered as an improvement instead of a vulnerability. The documentation was updated in https://github.com/jenkinsci/remoting/pull/476.
Also discussed in https://github.com/jenkinsci/docker-inbound-agent/pull/76#issuecomment-1329019981.

Idea

Currently the HMAC is generated using the agent name, which is deterministic. It could be also potentially reused, generating potential issues. Having a randomly generated secret during agent creation could ease reusability of name and configuration through JCasC.

Wadeck Follonier created issue - 2022-11-29 08:55

Wadeck Follonier made changes - 2022-11-29 08:55

Link

New: This issue duplicates SECURITY-2425 [ SECURITY-2425 ]

Jesse Glick made changes - 2022-11-29 12:46

Component/s		New: core [ 15593 ]
Component/s	Original: remoting [ 15489 ]

Jesse Glick made changes - 2022-11-29 12:46

Labels

New: agents

Jesse Glick made changes - 2022-11-29 12:47

Labels

Original: agents

New: agents security

Jesse Glick made changes - 2022-11-29 12:47

Assignee

Original: Jeff Thompson [ jthompson ]

Assignee:: Unassigned

Reporter:: Wadeck Follonier

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022-11-29 08:55

Updated:: 2022-11-29 12:47

Jenkins

Details

Description

Context

Idea

Attachments

Activity

People

Dates