Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-12904

WAS Builder exposes username and password when using "system information" for the Master or Slave

XMLWordPrintable

      I'm not sure if this is a problem with the plugin on Jenkins it self. The thread name of the was-builder task embeds the full command line which includes the username / password that was invoked. I see this as a security exposure when using the Jenkins ui.

          [JENKINS-12904] WAS Builder exposes username and password when using "system information" for the Master or Slave

          Daniel Petisme added a comment -

          Indeed, the issue is related to Jenkins itself and it's not the plugin's fault.
          We also encountered the issue.
          Have a look at the Mask Paswords Plugin. It'll mask the values you want and can automatically mask parameters values (such as Password Parameters or Non-Stored Password Parameters).

          Daniel Petisme added a comment - Indeed, the issue is related to Jenkins itself and it's not the plugin's fault. We also encountered the issue. Have a look at the Mask Paswords Plugin . It'll mask the values you want and can automatically mask parameters values (such as Password Parameters or Non-Stored Password Parameters).

          Walter Kacynski added a comment - - edited

          I looked at this plugin however it does not suppress this information from the thread dump only from the console output.

          Walter Kacynski added a comment - - edited I looked at this plugin however it does not suppress this information from the thread dump only from the console output.

            danielpetisme Daniel Petisme
            walterk82 Walter Kacynski
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: