[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Stefan Brausch commented on JENKINS-34427 Re: Sonar user password is stored in plain text in every job configuration Thanks a lot. Good work Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Jochen A. Fürbacher closed an issue as Fixed Fixed. Jenkins / JENKINS-34427 Sonar user password is stored in plain text in every job configuration Change By: Jochen A. Fürbacher Status: Resolved Closed Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Jochen A. Fürbacher commented on JENKINS-34427 Re: Sonar user password is stored in plain text in every job configuration Hi Ivana, thank you very much! We tested it and it workes well. Great job! It's great to have such a useful plugin, now. Cheers! Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Ivana Sh commented on JENKINS-34427 Re: Sonar user password is stored in plain text in every job configuration Hi, we resolved the issues, so you can check them now, and give us feedback Thanks, Cheers Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Ivana Sh resolved as Fixed Jenkins / JENKINS-34427 Sonar user password is stored in plain text in every job configuration Change By: Ivana Sh Status: In Progress Resolved Resolution: Fixed Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Ivana Sh commented on JENKINS-34427 Re: Sonar user password is stored in plain text in every job configuration Hi Stefan and Jochen, thank you for your remarks, we will try to resolve this as soon as possible. Cheers. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Stefan Brausch updated an issue Jenkins / JENKINS-34427 Sonar user password is stored in plain text in every job configuration Screenshot from JobConfigHistory output added Change By: Stefan Brausch Attachment: Bildschirmfoto 2016-05-04 um 09.24.33.png Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Stefan Brausch updated an issue Jenkins / JENKINS-34427 Sonar user password is stored in plain text in every job configuration Change By: Stefan Brausch Environment: Quality Gates Plugin version 2.3Jenkins core version 1.652 Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Pasha Sh. commented on JENKINS-34427 Re: Sonar user password is stored in plain text in every job configuration Can submitter or someone else please provide details to reproduce this issue? Mostly interested in versions of SonarQube, Jenkins and SQ Jenkins plugin that were used. We are on latest Jenkins LTS + SQ Jenkins plugin 2.4 and I'm not seeing any plaintext credentials in the job configs. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Pasha Sh. updated an issue Jenkins / JENKINS-34427 Sonar user password is stored in plain text in every job configuration Change By: Pasha Sh. Comment: Can submitter or someone else please provide details to reproduce this issue? Mostly interested in versions of SonarQube, Jenkins and SQ Jenkins plugin that were used. We are on latest Jenkins LTS + SQ Jenkins plugin 2.4 and I'm not seeing any plaintext credentials in the job configs. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Jochen A. Fürbacher edited a comment on JENKINS-34427 Re: Sonar user password is stored in plain text in every job configuration Hi Ivana,I see two problems Stefan mentioned:- Security: When you configure the sonar instance globally and configure a job to use this sonar instance, then the CURRENT password of the sonar instance (that one, that's configured globally) get's also stored in the job configuration. All users (also those without admin rights) can see that password. It's not just the default password!- (Not sure about that) When the admin configures a sonar instance globally, and a job get's configured to use that instance (how discribed above), the vurrent current password get's stored in the job configuration. When the admin changes to password for one this sonar instance, then the old password stays remain in the job config.Stefan and I noticed another major security issue: When the admin does a global configuration, the credentials (incl. the sonar password) get's logged in plaintext! Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Jochen A. Fürbacher commented on JENKINS-34427 Re: Sonar user password is stored in plain text in every job configuration Hi Ivana, I see two problems Stefan mentioned: Security: When you configure the sonar instance globally and configure a job to use this sonar instance, then the CURRENT password of the sonar instance (that one, that's configured globally) get's also stored in the job configuration. All users (also those without admin rights) can see that password. It's not just the default password! (Not sure about that) When the admin configures a sonar instance globally, and a job get's configured to use that instance (how discribed above), the vurrent password get's stored in the job configuration. When the admin changes to password for one this sonar instance, then the old password stays remain in the job config. Stefan and I noticed another major security issue: When the admin does a global configuration, the credentials (incl. the sonar password) get's logged in plaintext! Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Ivana Sh started work on JENKINS-34427 Change By: Ivana Sh Status: Open In Progress Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Ivana Sh commented on JENKINS-34427 Re: Sonar user password is stored in plain text in every job configuration Hi Stefan, we left the password for the Sonar like that because it is default password and username for every Sonar installation, so in any case if you have Sonar installed you should change the default password because otherwise it will be that one. Then in the the global configuration you will put your new password(the changed one) and it will be ok. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [quality-gates-plugin] (JENKINS-34427) Sonar user password is stored in plain text in every job configuration
Title: Message Title Stefan Brausch created an issue Jenkins / JENKINS-34427 Sonar user password is stored in plain text in every job configuration Issue Type: Bug Assignee: Ivana Sh Components: quality-gates-plugin Created: 2016/Apr/25 11:27 AM Priority: Critical Reporter: Stefan Brausch The sonar user password that the admin configured in the system configuration is stored in plain text in every job configuration. Thats a security issue. Im also not sure what will happen, if the admin changed the password in the system configuration. Has the job then still the old password and problems to access sonar? Add Comment
