Bug List: (11 of 13) First Last Prev Next   Show last search results
Bug 1143667 - AUDIT-FIND: obs-service-github_tarballs: plain-text password storage
Summary: AUDIT-FIND: obs-service-github_tarballs: plain-text password storage
Status: RESOLVED UPSTREAM
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Audits (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Adrian Schröter
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 1119444
  Show dependency treegraph
 
Reported: 2019-07-31 14:26 UTC by Malte Kraus
Modified: 2022-02-24 09:42 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Malte Kraus 2019-07-31 14:26:59 UTC 
attempts to read a file storing github credentials. (That probably would also break if it is not run as root.) Storing passwords in plain-text is not ideal, keyring support like in osc would be good.
Comment 1 Johannes Segitz 2020-11-24 15:50:53 UTC 
Tracked as https://github.com/openSUSE/obs-service-github_tarballs/issues/8 to increase visibility
Comment 2 Johannes Segitz 2022-02-24 09:42:55 UTC 
I close this here. It's not a security vulnerability in itself (even though it's really bad practice) and is tracked upstream
Bug List: (11 of 13) First Last Prev Next   Show last search results