Details

    • Similar Issues:

      Description

      doFillCredentialsIdItems in DockerBuilderNewTemplate, DockerBuilderControlOptionRun, DockerTemplate should do some kind of security check, probably

      if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
          return new ListBoxModel();
      }
      

      (or something more specific if you have it) lest they expose credentials IDs and descriptions to anonymous users.

        Attachments

          Issue Links

            Activity

            Hide
            integer Kanstantsin Shautsou added a comment -

            Do you have any example from other plugin that deal with credentials?

            Show
            integer Kanstantsin Shautsou added a comment - Do you have any example from other plugin that deal with credentials?
            Hide
            jglick Jesse Glick added a comment -

            Not sure, do not even remember filing this actually.

            Show
            jglick Jesse Glick added a comment - Not sure, do not even remember filing this actually.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Nicolas De Loof
            Path:
            docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerCloud.java
            docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerRegistry.java
            docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerTemplateBase.java
            docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/builder/DockerBuilderNewTemplate.java
            http://jenkins-ci.org/commit/docker-plugin/84fa7fdeb705092bd1e807415d971d729f0c0364
            Log:
            JENKINS-25033 prevent credentials leak

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Nicolas De Loof Path: docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerCloud.java docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerRegistry.java docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/DockerTemplateBase.java docker-plugin/src/main/java/com/nirima/jenkins/plugins/docker/builder/DockerBuilderNewTemplate.java http://jenkins-ci.org/commit/docker-plugin/84fa7fdeb705092bd1e807415d971d729f0c0364 Log: JENKINS-25033 prevent credentials leak

              People

              • Assignee:
                ndeloof Nicolas De Loof
                Reporter:
                jglick Jesse Glick
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: