-
Bug
-
Resolution: Fixed
-
Low
-
6.10.3
-
None
-
2
-
Severity 2 - Major
-
1
-
Issue Summary
Providing a passphrase encrypted by another Bamboo instance can break repositories and cause Bamboo to not start up.
Steps to Reproduce
1. Encode some text by Specs > Bamboo specs encryption dialog
2. Try to create a new repo using the UI with an ssh key for access
3. In the ssh key passphrase field of the created new linked repo UI enter the value from step 1.
Expected Results
Bamboo should invalidate repository creation
Actual Results
It will result in broken repo list and a server that won't start up any more.
The below exception is thrown in the atlassian-bamboo.log file when Bamboo is restarted and the instance will not start up:
2020-04-21 08:02:09,526 INFO \[localhost-startStop-1] \[CachedRepositoryDefinitionManagerImpl] Repository cache initialising... ... 2020-04-21 08:02:10,781 INFO \[localhost-startStop-1] \[SecretEncryptionServiceImpl] Can't decrypt data. It's possible data was encrypted by different cipher. Run Bamboo with system property \-Dbamboo.security.decryption.ignore.errors=true to ignore this error 2020-04-21 08:02:10,782 FATAL \[localhost-startStop-1] \[BambooContainer] Cannot start Bamboo java.lang.RuntimeException: org.bouncycastle.crypto.InvalidCipherTextException: pad block corrupted
Workaround
The repository with the bad encryption will need to be removed from the database (VCS_LOCATION). Please raise a support ticket for further help.
- relates to
-
BAM-20969 Can't use encrypted password for docker task credentials
-
- Gathering Impact
-
- is cloned as
-
BDEV-15990 Failed to load
[BAM-20946] Invalid passphrase value can cause Bamboo to not start up
Remote Link | Original: This issue links to "BDEV-15990 (Jira)" [ 485751 ] | New: This issue links to "BDEV-15990 (Hello Jira)" [ 485751 ] |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Waiting for Release [ 12075 ] | New: Closed [ 6 ] |
Status | Original: In Progress [ 3 ] | New: Waiting for Release [ 12075 ] |
Fix Version/s | New: 7.1.0 [ 91519 ] | |
Fix Version/s | New: 7.0.5 [ 92010 ] |
Status | Original: Short Term Backlog [ 12074 ] | New: In Progress [ 3 ] |
Assignee | New: Alexey Chystoprudov [ achystoprudov ] |
Description |
Original:
h3. Issue Summary
Importing specs code with repository definition and using encrypted secret from the exported server as passphrase can break repositories and cause Bamboo to not start up h3. Steps to Reproduce 1. Export a spec from another Bamboo server which includes an SVN repo definition using an ssh key for access to the repo 2. Try to create a new repo using the UI with an ssh key for access 3. In the ssh key passphrase field of the created new linked repo UI enter the encrypted secret for the ssh key passphrase from the other server. h3. Expected Results Bamboo should invalidate the import h3. Actual Results It will result in broken repo list and a server that won't start up any more. The below exception is thrown in the atlassian-bamboo.log file when Bamboo is restarted and the instance will not start up: {noformat} 2020-04-21 08:02:09,526 INFO \[localhost-startStop-1] \[CachedRepositoryDefinitionManagerImpl] Repository cache initialising... ... 2020-04-21 08:02:10,781 INFO \[localhost-startStop-1] \[SecretEncryptionServiceImpl] Can't decrypt data. It's possible data was encrypted by different cipher. Run Bamboo with system property \-Dbamboo.security.decryption.ignore.errors=true to ignore this error 2020-04-21 08:02:10,782 FATAL \[localhost-startStop-1] \[BambooContainer] Cannot start Bamboo java.lang.RuntimeException: org.bouncycastle.crypto.InvalidCipherTextException: pad block corrupted {noformat} h3. Workaround The repository with the bad encryption will need to be removed from the database (VCS_LOCATION). Please raise a support ticket for further help. |
New:
h3. Issue Summary
Providing a passphrase encrypted by another Bamboo instance can break repositories and cause Bamboo to not start up. h3. Steps to Reproduce 1. Encode some text by Specs > Bamboo specs encryption dialog 2. Try to create a new repo using the UI with an ssh key for access 3. In the ssh key passphrase field of the created new linked repo UI enter the value from step 1. h3. Expected Results Bamboo should invalidate repository creation h3. Actual Results It will result in broken repo list and a server that won't start up any more. The below exception is thrown in the atlassian-bamboo.log file when Bamboo is restarted and the instance will not start up: {noformat} 2020-04-21 08:02:09,526 INFO \[localhost-startStop-1] \[CachedRepositoryDefinitionManagerImpl] Repository cache initialising... ... 2020-04-21 08:02:10,781 INFO \[localhost-startStop-1] \[SecretEncryptionServiceImpl] Can't decrypt data. It's possible data was encrypted by different cipher. Run Bamboo with system property \-Dbamboo.security.decryption.ignore.errors=true to ignore this error 2020-04-21 08:02:10,782 FATAL \[localhost-startStop-1] \[BambooContainer] Cannot start Bamboo java.lang.RuntimeException: org.bouncycastle.crypto.InvalidCipherTextException: pad block corrupted {noformat} h3. Workaround The repository with the bad encryption will need to be removed from the database (VCS_LOCATION). Please raise a support ticket for further help. |
Summary | Original: Incorrect passphrase value can cause Bamboo to not start up | New: Invalid passphrase value can cause Bamboo to not start up |
Summary | Original: Importing specs from a different Bamboo instance can cause Bamboo to not start up | New: Incorrect passphrase value can cause Bamboo to not start up |