Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Duplicate
-
Component/s: maven-plugin
-
Labels:None
-
Similar Issues:
Description
When running a maven job, it is possible to monitor the maven process.
Upon clicking on the 'Monitor Maven Process' link (http://my-jenkins:8080/job/MyMavenJob/123/probe/?), a page opens with the following options in the left column:
- System Properties
- Environment Variables
- Thread Dump
- Script Console
Clicking on either System Properties (http://my-jenkins:8080/job/MyMavenJob/123/probe/systemProperties) and/or Environment Variables (http://my-jenkins:8080/job/MyMavenJob/123/probe/envVars) it is possible to see all the passwords set in the Jenkins Management pages in plain text.
In contrast, the Environment Variables of a free-style job show the same table, but with the encrypted Password values.
http://my-jenkins:8080/job/MyFreeStyleJob/12/injectedEnvVars/?
Am I doing anything wrong here or is there a bug in the presentation of such passwords?
Just for completeness, I have the Mask Passwords Plugin installed and the following configured in my Maven Job.
- Inject passwords to the build as environment variables
- Global Passwords
- Mask passwords (and enable global passwords)
Thanks a lot,
Steve
Attachments
Issue Links
- duplicates
-
JENKINS-4428 MavenProbeAction exposes password parameters
-
- Resolved
-
Activity
Field | Original Value | New Value |
---|---|---|
Status | Open [ 1 ] | In Progress [ 3 ] |
Resolution | Duplicate [ 3 ] | |
Status | In Progress [ 3 ] | Resolved [ 5 ] |
Status | Resolved [ 5 ] | Closed [ 6 ] |
Link |
This issue duplicates |
Workflow | JNJira [ 151242 ] | JNJira + In-Review [ 206980 ] |