Details
-
Bug
-
Status: Resolved (View Workflow)
-
Critical
-
Resolution: Fixed
Description
-
-
-
- VERY CRITICAL *****
-
-
Masked Password Clearly visible.
When Pass build variables as properties is marked as true. Global password will be clearly visible in console output. It was found in version 1.20, it was not in version 1.16.
Please Fix this issue as soon as possible, as it is a security threat for us.
For reference attaching image. in which global declared password visible clearly with msbuild command.
but not visible when i echo in windows batch command.
Attachments
Issue Links
- is related to
-
-
- Resolved
-
-
-
- Resolved
-
Activity
Code changed in jenkins
User: Jesse Glick
Path:
src/main/resources/hudson/plugins/msbuild/MsBuildBuilder/config.jelly
src/main/webapp/help-BuildVariablesAsProperties.html
http://jenkins-ci.org/commit/msbuild-plugin/b37dba21830d9343b4d619904ad687428111feb7
Log:
JENKINS-19830 Warn about passwords in log.
Code changed in jenkins
User: Gregory Boissinot
Path:
src/main/resources/hudson/plugins/msbuild/MsBuildBuilder/config.jelly
src/main/webapp/help-BuildVariablesAsProperties.html
http://jenkins-ci.org/commit/msbuild-plugin/f30df9df32575d31af3211e8f79f5cbea48c69b6
Log:
Merge pull request #10 from jglick/mask-args-JENKINS-19830
[FIXED JENKINS-19830] Warn about passwords in log
Compare: https://github.com/jenkinsci/msbuild-plugin/compare/b1b89b77e0d8...f30df9df3257
Just discovered AbstractBuild.getSensitiveBuildVariables which I guess could be used for this purpose.
Code changed in jenkins
User: Gregory Boissinot
Path:
src/main/java/hudson/plugins/msbuild/MsBuildBuilder.java
src/main/resources/hudson/plugins/msbuild/MsBuildBuilder/help-buildVariablesAsProperties.html
src/main/resources/hudson/plugins/msbuild/MsBuildBuilder/help-buildVariablesAsProperties_fr.html
http://jenkins-ci.org/commit/msbuild-plugin/03fdb89ecc2dd3a0eb06aae099baf5d90f930f49
Log:
Fix JENKINS-19830
Filed pull #10.