Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16516

Masked Passwords are shown as input parameters in Build pipeline plugin

      1. I have configured global parameters for masking passwords. Plugin: Mask Passwords Plugin
      2. I have created job and enable mask password
      3. I have created build pipeline view. Plugin: Build Pipeline Plugin with the first job with masked passwords.

      The result was, that the input parameters contains masked password in plaintext in the pipeline view.

          [JENKINS-16516] Masked Passwords are shown as input parameters in Build pipeline plugin

          The same is true for passwords masked by the envinject plugin. They are all displayed, if "Show pipeline parameters" is set to true.

          Riccardo Gorza added a comment - The same is true for passwords masked by the envinject plugin. They are all displayed, if "Show pipeline parameters" is set to true.

          Klaus Stadler added a comment -

          Unfortunately, the problem is still there.
          Any chance this will be fixed?

          Klaus Stadler added a comment - Unfortunately, the problem is still there. Any chance this will be fixed?

          Thomas Carsuzan added a comment - Fixed in 1.4.3-SNAPSHOT Commit : https://github.com/jenkinsci/build-pipeline-plugin/commit/bf1bedebaf8bc625367669f0e80fe36865355f4c

          It does not seem that these plugins set their data as sensitive.

          Thomas Carsuzan added a comment - It does not seem that these plugins set their data as sensitive.

          Thomas Carsuzan added a comment - - edited

          Now waiting for my MaskedPasswordPlugin pull request to be merged.

          https://github.com/jenkinsci/mask-passwords-plugin/pull/1
          Thomas

          Thomas Carsuzan added a comment - - edited Now waiting for my MaskedPasswordPlugin pull request to be merged. https://github.com/jenkinsci/mask-passwords-plugin/pull/1 Thomas

          Eric Lemes added a comment -

          I've rebuild the plugin from the source code and Thomas commit have fixed the problem for Job Password Parameters. The only issue I can observe is that Thomas' fix remove the parameter instead of masking it.

          I tried to simulate the issue with EnvInject plugin (I personally don't use it) and the injected variables don't appear in the pipeline view.

          I've created a pull request of this small fix: https://github.com/jenkinsci/build-pipeline-plugin/pull/36

          Eric Lemes added a comment - I've rebuild the plugin from the source code and Thomas commit have fixed the problem for Job Password Parameters. The only issue I can observe is that Thomas' fix remove the parameter instead of masking it. I tried to simulate the issue with EnvInject plugin (I personally don't use it) and the injected variables don't appear in the pipeline view. I've created a pull request of this small fix: https://github.com/jenkinsci/build-pipeline-plugin/pull/36

          Oleg Nenashev added a comment -

          The issue seems to be fixed. https://github.com/jenkinsci/mask-passwords-plugin/pull/4 will also produce lists of sensitive variables within the Mask Passwords plugin.

          Oleg Nenashev added a comment - The issue seems to be fixed. https://github.com/jenkinsci/mask-passwords-plugin/pull/4 will also produce lists of sensitive variables within the Mask Passwords plugin.

          Oleg Nenashev added a comment -

          2.7.4 has been released. Marking the issue as solved

          Oleg Nenashev added a comment - 2.7.4 has been released. Marking the issue as solved

            tetra Thomas Carsuzan
            rdkchrom Radek Chromy
            Votes:
            2 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: