  1. Jenkins
  2. JENKINS-2849

SCP plugin v 1.5.2 stores clear text passwords and passphrases

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: scp-plugin
    • Labels:
    • Environment:
      Platform: All, OS: All

      Description

      The current version 1.5.2 of the SCP plugin hides the password during entry in
      the user interface, but stores the password or passphrase in clear text in the
      plugin configuration file. This is a security risk. The password should be
      stored in an encrypted format and only decrypted when a file transfer is being
      performed.

          Activity

          danielbeck Daniel Beck added a comment - We announced this vulnerability in https://jenkins.io/security/advisory/2017-10-23/#scp-publisher-plugin-stores-credentials-unencrypted-on-disk-round-trips-in-unencrypted-form

            People

            • Assignee:
              ramazanyich2 ramazanyich2
              Reporter:
              jorshali jorshali
            • Votes:
              0
              Watchers:
              2