Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-14395

S3 Plugin credentials stored insecurely

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Critical
    • Resolution: Fixed
    • s3-plugin
    • None

    Description

      S3 Bucket credential keys (both access and secret) are stored/managed in such a way that anyone with access to the config page can easily retreive them (easy as in view-source).

      Once saved, they should not be retrievable through the web interface.

      Attachments

        Activity

          mcrooney mcrooney added a comment -

          Thanks for the report! I'll assign this to one of the maintainers listed on the Wiki.

          mcrooney mcrooney added a comment - Thanks for the report! I'll assign this to one of the maintainers listed on the Wiki.
          mikewatt Michael Watt added a comment -

          Unassigning. Someone else may want to pick this up, as I won't be able to anytime soon.

          mikewatt Michael Watt added a comment - Unassigning. Someone else may want to pick this up, as I won't be able to anytime soon.
          tolsen Tim Olsen added a comment -

          It looks like this issue may have been resolved in 0.4 (according to the Version History). Should this issue be resolved/closed ?

          tolsen Tim Olsen added a comment - It looks like this issue may have been resolved in 0.4 (according to the Version History ). Should this issue be resolved/closed ?
          mcrooney mcrooney added a comment -

          Thanks Tim, I think so, as it specifically references this issue.

          mcrooney mcrooney added a comment - Thanks Tim, I think so, as it specifically references this issue.

          People

            Unassigned Unassigned
            tmack0 Theral Mackey
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: