-
Bug
-
Resolution: Duplicate
-
Critical
It seems that when you use the Test option to verify the credentials some errors are logged by Jenkins but you still get a success result. Based on the logs I suppose that these are really serious errors:
Jul 22, 2016 3:57:10 PM org.eclipse.jetty.util.log.JavaUtilLog warn WARNING: Header is too large >8192 Jul 22, 2016 3:57:10 PM org.eclipse.jetty.util.log.JavaUtilLog warn WARNING: badMessage: 413 for HttpChannelOverHttp@7b0d79d2{r=0,c=false,a=IDLE,uri=/descriptorByName/hudson.plugins.ec2.AmazonEC2Cloud/checkPrivateKey?value=-----BEGIN%20RSA%20PRIVATE%20KEY-----%0..........(censored-private-key-content)......................%3D%3D%0A-----END%20RSA%20PRIVATE%20KEY-----}
Not to add that displaying a private RSA key in the logs or in the UI is a serious security issue.
- duplicates
-
-
- Open
-
- is related to
-
-
- Resolved
-
