DescriptionMurray McAllister
2014-10-02 02:24:38 UTC
Jenkins Security Advisory SECURITY-138 notes:
"If a parameterized job has a default value in a password field, that default value gets exposed to users with Job/READ permission."
Comment 1Murray McAllister
2014-10-02 02:42:15 UTC
Acknowledgements:
Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Matthias Schmalz as the original reporter.
Comment 2Murray McAllister
2014-10-02 02:52:08 UTC