History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: QB-3241
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Critical Critical
Assignee: Unassigned
Reporter: Georg Laschet
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
QuickBuild

The contents of a password field is displayed as plain text during a REST access to a building.

Created: 27/Aug/18 06:56 AM   Updated: 18/Sep/18 03:12 PM
Component/s: None
Affects Version/s: 8.0.8
Fix Version/s: 8.0.20

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown


 Description  « Hide
If I access a building via REST, for example http://QuickBuildServer:8810/rest/builds/76539, the value of a password field is displayed as plain text.

<entry>
    <string>Password</string>
    <com.pmease.quickbuild.SecretAwareString>
       <string>VisiblePassword</string>
       <masked>*****</masked>
   </com.pmease.quickbuild.SecretAwareString>
</entry>

 All   Comments   Work Log   Change History      Sort Order:
[ Permlink | « Hide ]
Robin Shen [28/Aug/18 01:44 PM]
The clear text secrets are only available to administrators (in case they need the secret to do something). For other users without administrative rights, they will be removed.


Powered by Atlassian JIRA™ the Professional Issue Tracker. (Standard Edition, Version: 3.7.4-#189) - Bug/feature request - Contact Administrators