Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-24913

SSH Plugin displays password parameter values unencrypted in log

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • ssh-plugin
    • None

    Description

      When running a parameterized build of type Execute shell script on remote host using ssh, it logs in the console output all the parameters that are used in the script with their values. This is a problem with Password Parameter types, they should be hidden. This is a serious security issue, passwords must never be logged anywhere.

      Attachments

        1. password-parameter.png
          password-parameter.png
          20 kB
        2. shell-script.png
          shell-script.png
          21 kB
        3. ssh-log.png
          ssh-log.png
          16 kB

        Issue Links

          Activity

            People

              johnnybgoode John Tatum
              p2d_capbs Pietro Descombes
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: