
[QB-3241] The contents of a password field are displayed as plain text during a REST access to a building.
Created: 27/Aug/18  Updated: 18/Sep/18

Status: Resolved
Project: QuickBuild
Component/s: None
Affects Version/s: 8.0.8
Fix Version/s: 8.0.20

Type: Bug
Priority: Critical
Reporter: Georg Laschet
Assigned To: Unassigned
Resolution: Fixed
Votes: 0
Remaining Estimate: Unknown
Time Spent: Unknown
Original Estimate: Unknown


 Description   
If I access a building via REST, for example http://QuickBuildServer:8810/rest/builds/76539, the value of a password field is displayed as plain text.

<entry>
    <string>Password</string>
    <com.pmease.quickbuild.SecretAwareString>
        <string>VisiblePassword</string>
        <masked>*****</masked>
    </com.pmease.quickbuild.SecretAwareString>
</entry>

 Comments   
Comment by Robin Shen [ 28/Aug/18 01:44 PM ]
The clear text secrets are only available to administrators (in case they need the secret to do something). For other users without administrative rights, they will be removed.
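
One way to check the behaviour described in the comment above, as an added example that is not part of the original issue or of QuickBuild's code: it parses a saved REST build response and lists the fields whose SecretAwareString element still carries a cleartext <string> value. The sample documents, the <variables> wrapper element and the shape of the non-administrator response are constructed assumptions; only the SecretAwareString fragment comes from the report.

```python
import xml.etree.ElementTree as ET

# Element name taken from the fragment in the description.
SECRET_TAG = "com.pmease.quickbuild.SecretAwareString"

# Constructed sample: response as an administrator sees it (per the report).
ADMIN_VIEW = """<variables>
  <entry>
    <string>Password</string>
    <com.pmease.quickbuild.SecretAwareString>
      <string>VisiblePassword</string>
      <masked>*****</masked>
    </com.pmease.quickbuild.SecretAwareString>
  </entry>
</variables>"""

# Constructed sample: assumed shape once the cleartext value is removed.
NON_ADMIN_VIEW = """<variables>
  <entry>
    <string>Password</string>
    <com.pmease.quickbuild.SecretAwareString>
      <masked>*****</masked>
    </com.pmease.quickbuild.SecretAwareString>
  </entry>
</variables>"""


def find_exposed_secrets(xml_text):
    """Return names of entries whose secret still includes a cleartext value.

    Only field names are returned, so the secret itself never reaches
    logs or test output.
    """
    root = ET.fromstring(xml_text)
    exposed = []
    for entry in root.iter("entry"):
        secret = entry.find(SECRET_TAG)
        if secret is None:
            continue  # ordinary, non-secret entry
        name = entry.findtext("string", default="<unnamed>")
        clear = (secret.findtext("string") or "").strip()
        masked = (secret.findtext("masked") or "").strip()
        # Exposed when a value is present and is not just the mask repeated.
        if clear and clear != masked:
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    for label, doc in (("admin", ADMIN_VIEW), ("non-admin", NON_ADMIN_VIEW)):
        print(label, "exposed fields:", find_exposed_secrets(doc))
```

Run against a response fetched with a non-administrative account, a non-empty result means the cleartext value was not removed for that user.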
Generated at Wed Apr 24 17:33:10 UTC 2024 using JIRA 189.