Stephan created an issue |
Issue Type: |
Bug |
---|---|
Affects Versions: |
2.14.0 |
Assignee: |
Unassigned |
Components: |
Security |
Created: |
14/Feb/19 9:38 PM |
Priority: |
Medium |
Reporter: |
When a user can access the administrative area of the site, it is possible to view the database connection information on an existing store. When viewing the data source, as seen below, the password is replaced with a line of asterisks. However, when a user views the source of the page, the information is shown in clear text </li> <input class=“text” type=“password” value=“SuperSecretPassword” name=“parametersPanel:parameters:6:parameterPanel:border:border_body:paramValue”/> </div> |
Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS |
|
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100098-sha1:ec9f386) |