API exposes plain text password for service integrations
Summary
The API endpoint for project service integrations exposes the password in plain text. When querying the API described in the document below:
https://docs.gitlab.com/ce/api/services.html#create-edit-jira-service
The plain text password for the defined integration is shown. This was checked only on the JIRA integration, as this is the only one we use in our project.
Steps to reproduce
Create a JIRA service integration, then query it via the API.
What is the current bug behavior?
Integration password is exposed.
What is the expected correct behavior?
Password should be obfuscated / removed from API output.
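Added example, not part of the original report and not GitLab's code: a Ruby sketch of the expected behavior, masking secret-named fields in a serialized integration before it is returned, plus a check that lists any secret still present in a response. The key pattern, the `[FILTERED]` mask, the function names and the sample response layout are all assumptions made for illustration.

```ruby
require 'json'

# Key names treated as secrets (assumed list, not GitLab's own).
SECRET_KEY_PATTERN = /pass(word|wd)?|token|secret|api_key/i
MASK = '[FILTERED]'

# Return a deep copy of +node+ with every secret-named value masked.
def redact(node)
  case node
  when Hash
    node.each_with_object({}) do |(key, value), out|
      out[key] = if key.to_s.match?(SECRET_KEY_PATTERN) && !value.nil?
                   MASK
                 else
                   redact(value)
                 end
    end
  when Array then node.map { |item| redact(item) }
  else node
  end
end

# List JSON paths where a secret-named key still carries a non-empty,
# unmasked string. Suitable as a regression check on API output.
def exposed_secret_paths(node, path = '$')
  case node
  when Hash
    node.flat_map do |key, value|
      here = "#{path}.#{key}"
      if key.to_s.match?(SECRET_KEY_PATTERN)
        value.is_a?(String) && !value.empty? && value != MASK ? [here] : []
      else
        exposed_secret_paths(value, here)
      end
    end
  when Array
    node.each_with_index.flat_map { |item, i| exposed_secret_paths(item, "#{path}[#{i}]") }
  else []
  end
end

# Constructed sample response; the field layout is an assumption.
SAMPLE_RESPONSE = <<~JSON
  {"id": 1, "title": "JIRA", "active": true,
   "properties": {"url": "https://jira.example.invalid",
                  "username": "gitlab-bot",
                  "password": "constructed-sample-value"}}
JSON
```

Running `exposed_secret_paths` over a saved API response in a test suite turns the expected behavior into a regression check: the list must be empty for every integration type, not only JIRA.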