[JIRA] (JENKINS-56865) Password to access InfluxDB is stored unencrypted on disk

4 views
Skip to first unread message

michelzanini@gmail.com (JIRA)

unread,
Apr 3, 2019, 10:26:03 AM4/3/19
to jenkinsc...@googlegroups.com
Michel Zanini created an issue
 
Jenkins / Task JENKINS-56865
Password to access InfluxDB is stored unencrypted on disk
Issue Type: Task Task
Assignee: Aleksi Simell
Attachments: Screen Shot 2019-04-03 at 11.22.52.png
Components: influxdb-plugin
Created: 2019-04-03 14:25
Environment: Version 1.20.4, Jenkins 2.170
Priority: Minor Minor
Reporter: Michel Zanini

When configuring the plugin on "Configure System", the username and password are typed directly in a field - see attached screen shot.

When saving, the user/password to access InfluxDB are saved in jenkinsci.plugins.influxdb.InfluxDbPublisher.xml unencrypted.

This plugin should make use of Jenkins credentials, and have a dropbox here to select the correct username/password credentials.

This is a security issue in my opinion and needs to be fixed ASAP.
Thanks.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

aleksi.simell@eficode.com (JIRA)

unread,
Apr 4, 2019, 12:48:02 AM4/4/19
to jenkinsc...@googlegroups.com
Aleksi Simell commented on Task JENKINS-56865
 
Re: Password to access InfluxDB is stored unencrypted on disk

You're absolutely true. It should use Jenkins credentials instead. I'll see what I can do.

aleksi.simell@eficode.com (JIRA)

unread,
Apr 10, 2019, 1:37:02 AM4/10/19
to jenkinsc...@googlegroups.com
Aleksi Simell updated an issue
 
Jenkins / Improvement JENKINS-56865
Change By: Aleksi Simell
Issue Type: Task Improvement

aleksi.simell@eficode.com (JIRA)

unread,
Jun 3, 2019, 2:44:02 AM6/3/19
to jenkinsc...@googlegroups.com
Aleksi Simell closed an issue as Fixed
 

Fix was done and released in version 1.22.

In the future, please submit security related issues to SECURITY project as informed in https://jenkins.io/security/.
Change By: Aleksi Simell
Status: Open Closed
Resolution: Fixed
Released As: 1.22

nthienan.it@gmail.com (JIRA)

unread,
Jul 12, 2019, 5:59:02 AM7/12/19
to jenkinsc...@googlegroups.com
An Nguyen commented on Improvement JENKINS-56865
 
Re: Password to access InfluxDB is stored unencrypted on disk

Do we have a ticket for making this plugin uses Jenkins credentials instead?
Reply all
Reply to author
Forward
0 new messages