![]() |
|
|
|
|
Issue Type:
|
![Bug]() Bug
|
|
Assignee:
|
Honza Brázdil
|
|
Components:
|
ghprb-plugin |
|
Created:
|
13/Feb/15 4:11 PM
|
|
Description:
|
Hi everyone,
I've noticed that after I save API token at settings page, I can access the token under asterisk using browser's developer console. This is very insecure, token can be seen by anyone who has access to settings. I suspect GitHub shows token only once due to security risks as well.
|
|
Environment:
|
Jenkins 1.598
ghprb-plugin 1.16-8
|
|
Project:
|
Jenkins
|
|
Labels:
|
plugin
security
configuration
|
|
Priority:
|
![Major]() Major
|
|
Reporter:
|
Dmitry P
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit
https://groups.google.com/d/optout.
