Details
-
Bug
-
Status: Resolved (View Workflow)
-
Critical
-
Resolution: Fixed
-
1.89 in 1.554.2
Description
If you have a BuildWrapper which overrides makeSensitiveBuildVariables to specify that its additions are to be considered secret, then add an EnvInjectBuilder which adds some unrelated variables, injectedEnvVars.txt includes the sensitive variables (in plaintext) and /job/.../.../injectedEnvVars/ shows them as well.
Attachments
Issue Links
- is blocking
-
JENKINS-23630 Update to new environment variable APIs
-
- Resolved
-
- is related to
-
JENKINS-12423 Password masked by Mask Passwords are visible when using envinject plugin
-
- Closed
-
-
JENKINS-4428 MavenProbeAction exposes password parameters
-
- Resolved
-
-
JENKINS-24287 EnvInject exposes password hashes
-
- Resolved
-
Code changed in jenkins
User: Gregory Boissinot
Path:
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginAction.java
http://jenkins-ci.org/commit/envinject-plugin/65f2715af6445d217e5df8a24bbd179f7841403f
Log:
Merge pull request #40 from dshvedchenko/master
JENKINS-23447related , avoid NPE if there are no getSensibleVariables()Compare: https://github.com/jenkinsci/envinject-plugin/compare/db0d1ef23baf...65f2715af644