Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.4, 5.4-OD-5
Affects Version/s: 5.0.1
Component/s: Security
Labels:
- cvss-medium
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Hey Atlassians!

You can see the contents of masked variables (the ones with "password" in their key) when you click on "Add variable to version" in release versioning configuration screen for deployment project.

Steps to reproduce:
1. Create a global variable with key: "testpassword" and value "abc". Normally, this variable is masked and you can't see the content.
2. Create a deployment project and click on "Configure project"
3. Go to "Release versioning"
4. Click on "Add variable to version"
5. Choose "testpassword" variable.

You can see the contents (i.e. password in plaintext) of the variable in the variables browser and also in the preview of release versions.

This also affects plan variables (not only global variables).

Cheers!
Greg

Attachments

Issue Links

duplicates

BAM-14143 Passwords visible on Deployment Projects Release Versioning Screen

Closed

was cloned as: BDEV-3777 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Grzegorz Dlugoszewski

Votes:: 9 Vote for this issue

Watchers:: 12 Start watching this issue

Dates

Created:: 24/Sep/2013 8:35 AM

Updated:: 19/Aug/2019 2:02 AM

Resolved:: 21/Feb/2014 3:22 AM