Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33978

secret data is written to a file before it is secured.

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      not a security issue yet as it is only in a beta and the window of opportunity is really really really small

      but the setup wizard writes an admin password to a file before it sets appropriate permissions on the file.

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Daniel Beck
            Path:
            core/src/main/java/jenkins/install/SetupWizard.java
            http://jenkins-ci.org/commit/jenkins/964e967ad98fbd5040ab75ff98f0cc8238bbd09a
            Log:
            Merge pull request #2203 from jenkinsci/jtnord-patch-1

            [FIX JENKINS-33978] Set file permissions on the file before writing the secret

            Compare: https://github.com/jenkinsci/jenkins/compare/37c00cf2aff0...964e967ad98f

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/java/jenkins/install/SetupWizard.java http://jenkins-ci.org/commit/jenkins/964e967ad98fbd5040ab75ff98f0cc8238bbd09a Log: Merge pull request #2203 from jenkinsci/jtnord-patch-1 [FIX JENKINS-33978] Set file permissions on the file before writing the secret Compare: https://github.com/jenkinsci/jenkins/compare/37c00cf2aff0...964e967ad98f

              People

              • Assignee:
                teilo James Nord
                Reporter:
                teilo James Nord
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: