[JENKINS:SECURITY-845] Publish Over Dropbox Plugin stored credentials in plain text

Severity: Low
Affected Packages: 2
Fixed Packages: 2

Publish Over Dropbox Plugin stored the authorization code and access code unencrypted in its global configuration file on the Jenkins controller.
These secrets could be viewed by users with access to the Jenkins controller file system.

Additionally, the authorization code was not masked from view using a password form field.

The plugin now stores these secrets encrypted in the configuration files on disk and no longer transfers the authorization code in plain text to users viewing the configuration form.

ID: JENKINS:SECURITY-845
Severity: low
Published: 2018-09-25T00:00:00
Modified: 2018-09-25T00:00:00
Rights: Jenkins Security Team
Source # ID Name URL
Plugin repository publish-over-dropbox repository https://github.com/jenkinsci/publish-over-dropbox-plugin
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.jenkins-ci.plugins/publish-over-dropbox | org.jenkins-ci.plugins | publish-over-dropbox | <= 1.2.4 | | | |
| Fixed | pkg:maven/org.jenkins-ci.plugins/publish-over-dropbox | org.jenkins-ci.plugins | publish-over-dropbox | = 1.2.5 | | | |
| Affected | pkg:github/jenkinsci/publish-over-dropbox-plugin | jenkinsci | publish-over-dropbox-plugin | <= 1.2.4 | | | |
| Fixed | pkg:github/jenkinsci/publish-over-dropbox-plugin | jenkinsci | publish-over-dropbox-plugin | = 1.2.5 | | | |