[JENKINS-14395] S3 Plugin credentials stored insecurely - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Critical
Resolution: Fixed
Component/s: s3-plugin
Labels:
None

Similar Issues:

Show

Description

S3 Bucket credential keys (both access and secret) are stored/managed in such a way that anyone with access to the config page can easily retreive them (easy as in view-source).

Once saved, they should not be retrievable through the web interface.

Attachments

Activity

Ascending order - Click to sort in descending order

mcrooney added a comment - 2012-07-13 00:49

Thanks for the report! I'll assign this to one of the maintainers listed on the Wiki.

mcrooney added a comment - 2012-07-13 00:49 Thanks for the report! I'll assign this to one of the maintainers listed on the Wiki.

Michael Watt added a comment - 2012-09-21 10:51

Unassigning. Someone else may want to pick this up, as I won't be able to anytime soon.

Michael Watt added a comment - 2012-09-21 10:51 Unassigning. Someone else may want to pick this up, as I won't be able to anytime soon.

Tim Olsen added a comment - 2013-12-18 16:26

It looks like this issue may have been resolved in 0.4 (according to the Version History). Should this issue be resolved/closed ?

Tim Olsen added a comment - 2013-12-18 16:26 It looks like this issue may have been resolved in 0.4 (according to the Version History ). Should this issue be resolved/closed ?

mcrooney added a comment - 2013-12-18 18:24

Thanks Tim, I think so, as it specifically references this issue.

mcrooney added a comment - 2013-12-18 18:24 Thanks Tim, I think so, as it specifically references this issue.

People

Assignee:: Unassigned

Reporter:: Theral Mackey

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2012-07-11 22:07

Updated:: 2013-12-18 18:24

Resolved:: 2013-12-18 18:24