JENKINS-24913

SSH Plugin displays password parameter values unencrypted in log

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: ssh-plugin
    • Labels:
      None

      Description

      When running a parameterized build of type Execute shell script on remote host using ssh, it logs in the console output all the parameters that are used in the script with their values. This is a problem with Password Parameter types, they should be hidden. This is a serious security issue, passwords must never be logged anywhere.

        Attachments

        1. password-parameter.png (20 kB)
        2. shell-script.png (21 kB)
        3. ssh-log.png (16 kB)

            Activity

            danielbeck Daniel Beck added a comment -

            Could you explain how you configured the build step or build wrapper to include passwords?

            p2d_capbs Pietro Descombes added a comment -

            Hi Daniel, sure, here is the config:

            Build configuration

            Include a build parameter of type Password

            Then add an Execute shell script on remote host using ssh build task. Inside the command block, call a shell script taking an argument. Use the parameter as argument.

            Run the build

            When running it using the Build with Parameters link, the task is successfully executed, but all the used parameters are printed out in the console output (as well as the script itself).

            This would be fine for normal parameters, but it is a security issue for passwords, as they are to be kept secret!

            danielbeck Daniel Beck added a comment - - edited

            Right, bug is around here:
            https://github.com/jenkinsci/ssh-plugin/blob/master/src/main/java/org/jvnet/hudson/plugins/VariableReplacerUtil.java

            It does not care whether environment variables are declared sensitive (AbstractBuild.getSensitiveBuildVariables()).

            (Plus, contains() is a bit weak to determine whether a script references a given value.)
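
One way to implement the two points raised in the comment above, added here as an illustration and not the ssh-plugin's own code: references are matched as whole `$NAME` / `${NAME}` tokens instead of with `contains()`, and the command is rendered twice, once for execution and once with sensitive values masked for the console log. The class `CommandScrubber`, its `render` method and the sample values are hypothetical; the sensitive-name set stands in for what `AbstractBuild.getSensitiveBuildVariables()` returns.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not the ssh-plugin's API.
public class CommandScrubber {
    // Matches $NAME or ${NAME} as a whole token, so $DB_PASSWORD does not match inside $DB_PASSWORD_FILE.
    private static final Pattern REF =
            Pattern.compile("\\$(?:\\{([A-Za-z_][A-Za-z0-9_]*)\\}|([A-Za-z_][A-Za-z0-9_]*))");
    private static final String MASK = "********";

    /** Expands variable references; when forLog is true, sensitive values are masked. */
    static String render(String command, Map<String, String> vars,
                         Set<String> sensitiveNames, boolean forLog) {
        Matcher m = REF.matcher(command);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String name = m.group(1) != null ? m.group(1) : m.group(2);
            String value;
            if (!vars.containsKey(name)) {
                value = m.group();            // unknown variable: leave it for the remote shell
            } else if (forLog && sensitiveNames.contains(name)) {
                value = MASK;                 // never write the real value to the log
            } else {
                value = vars.get(name);
            }
            // quoteReplacement keeps '$' and '\' in values from being read as group references.
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Map<String, String> vars = new LinkedHashMap<>();
        vars.put("DB_USER", "deploy");
        vars.put("DB_PASSWORD", "s3cr$t-example");
        Set<String> sensitive = Set.of("DB_PASSWORD"); // stands in for getSensitiveBuildVariables()
        String script = "./migrate.sh $DB_USER ${DB_PASSWORD} $DB_PASSWORD_FILE";

        String toRun = render(script, vars, sensitive, false);
        String toLog = render(script, vars, sensitive, true);
        System.out.println("log: " + toLog);
        // The secret must reach the remote command but never the console log.
        if (!toRun.contains("s3cr$t-example") || toLog.contains("s3cr$t-example"))
            throw new AssertionError("scrubbing failed");
    }
}
```

Masking the echoed command covers only what the plugin itself writes; output that the remote script prints is a separate path into the console log.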

            johnnybgoode John Tatum added a comment -

            https://github.com/jenkinsci/ssh-plugin/pull/14 has been created to address this issue. Please test and comment if able.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: johnny-b-goode
            Path:
            src/main/java/org/jvnet/hudson/plugins/SSHBuildWrapper.java
            src/main/java/org/jvnet/hudson/plugins/SSHBuilder.java
            src/main/java/org/jvnet/hudson/plugins/VariableReplacerUtil.java
            http://jenkins-ci.org/commit/ssh-plugin/6aa9f1684b350d4643e8a95d4482bd446d6dc290
            Log:
            This commit addresses https://issues.jenkins-ci.org/browse/JENKINS-24913

            Added a method to scrub the runtime command to VariableReplacerUtil.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Edmund Wagner
            Path:
            src/main/java/org/jvnet/hudson/plugins/SSHBuildWrapper.java
            src/main/java/org/jvnet/hudson/plugins/SSHBuilder.java
            src/main/java/org/jvnet/hudson/plugins/VariableReplacerUtil.java
            http://jenkins-ci.org/commit/ssh-plugin/d1a2168224919d678419bd4194cd66201dbbbee8
            Log:
            Merge pull request #14 from johnny-b-goode/master

            This commit addresses https://issues.jenkins-ci.org/browse/JENKINS-24913

            Compare: https://github.com/jenkinsci/ssh-plugin/compare/f9f8fad47a54...d1a216822491

            ljader Łukasz Jąder added a comment -

            Recent 2.5 version of ssh-plugin contains fix provided by John Tatum, which takes sensitive build variables into account.

            In case of any similar issue, please create a new ticket.


              People

              Assignee:
              johnnybgoode John Tatum
              Reporter:
              p2d_capbs Pietro Descombes