Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20318

Security leak - passwords are visible in workspace (git / http)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • git-client-plugin, git-plugin
    • None
    • RHEL-6 / tomcat 1.7 / java 1.7.0_40

      Maven-Jobs with git-SCMs using http-URLs: The credentials are automatically attached to the URL for the remote repository. Thus the password is visible for all users reading the workspace-directory (see attachments).

      I know that the password >has< to be set somewhere. I suggest to force the usage of ~/.netrc. This file is visible for the build admin only!

      Note: This is not identical with JENKINS-4428!

        1. Jenkins_VisiblePassword.png
          Jenkins_VisiblePassword.png
          29 kB
        2. Jenkins_Workspace.png
          Jenkins_Workspace.png
          26 kB

            ndeloof Nicolas De Loof
            chrisabit chrisabit
            Votes:
            2 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: