[JIRA] [hipchat-plugin] (JENKINS-26845) Security: HipChat Plugin can leak global hipchat server host name and token

[gen...@gmail.com (JIRA)]

Gennady Feldman created JENKINS-26845 Security: HipChat Plugin can leak global hipchat server host name and token Issue Type: Bug Assignee: Unassigned Components: hipchat-plugin Created: 07/Feb/15 2:29 AM Description: It seems that when you save a Jenkins job with HipChat plugin installed it copies the Global configuration settings into the job XML file. Anybody who can view job configuration or job configuration history can see the sensitive HipChat server and token information. This is a security issue and also a pain to update if you need to re-save 30+ jenkins jobs. Project: Jenkins Labels: security Priority: Critical Reporter: Gennady Feldman

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.