Currently the auth token (API key) in Jenkins is kept in plain text format and can be seen on the Jenkins/project configuration page and by browsing the Jenkins configuration files.
Fortunately, access to those pages should be restricted, and in addition the auth token allows an attacker a smaller number of operations. Nevertheless, having an auth token allows executing arbitrary operations as the user configured in Jenkins. In addition, it complicates bootstrapping Jenkins instances (as that file has to be additionally protected).
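An audit check for the condition reported above, added here as an example and not part of the original issue or the plugin's code: it walks a Jenkins `config.xml` and reports credential-like elements whose value is not in the brace-wrapped base64 form that Jenkins writes for `hudson.util.Secret` fields. The tag-name pattern, the plugin and field names, and the sample file are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: element names that usually hold credentials; the issue does not name the field.
SENSITIVE_TAG = re.compile(r"(token|apikey|api_key|secret|password)", re.IGNORECASE)
# Serialized form of an encrypted hudson.util.Secret in current Jenkins: "{" + base64 + "}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/]+={0,2}\}$")
# Jenkins writes an XML 1.1 declaration, which Python's expat parser rejects, so drop it.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def find_plaintext_secrets(xml_text):
    """Return (element path, value length) for sensitive elements stored unencrypted."""
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        value = (node.text or "").strip()
        if SENSITIVE_TAG.search(node.tag) and value and not ENCRYPTED.match(value):
            findings.append((here, len(value)))  # report the length, never the secret
        for child in node:
            walk(child, here)

    walk(ET.fromstring(XML_DECL.sub("", xml_text, count=1)), "")
    return findings


# Constructed sample config; plugin names, field names and values are hypothetical.
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <publishers>
    <example.plugin.Notifier>
      <serverUrl>https://service.example.invalid</serverUrl>
      <authToken>0123456789abcdef0123456789abcdef</authToken>
    </example.plugin.Notifier>
    <example.plugin.Other>
      <apiKey>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</apiKey>
    </example.plugin.Other>
  </publishers>
</project>
"""

if __name__ == "__main__":
    for path, length in find_plaintext_secrets(SAMPLE_CONFIG):
        print(f"plaintext secret at {path} ({length} chars)")
```

Run it over every `config.xml` under the Jenkins home directory; any hit is a field that is also readable on the configuration page.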