Passwords are replaced but not masked in global envs

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Blocker
    • Component: mask-passwords-plugin
    • Environment: Jenkins ver. 2.19.3, Mask Passwords Plugin 2.8

      We have a global password called JENKINSPASS

      We have a global env ANT_OPTS defined, which references it like -Djavax.net.ssl.keyStorePassword=${JENKINSPASS}

      For no apparent reason (we didn't upgrade) an unmasked value of the password started to appear in "Environment Variables" view. Note JENKINSPASS itself is masked.

      ANT_OPTS	-Djavax.net.ssl.keyStorePassword=N0wC0mpr0miss3dS3cr3t
      JENKINSPASS	[*******]
      

      Older builds don't contain an entry for ANT_OPTS at all.

          [JENKINS-40017] Passwords are replaced but not masked in global envs

          Jakub Bochenski created issue -
          Jakub Bochenski made changes -
          Labels New: security
          Oleg Nenashev made changes -
          Assignee Original: Oleg Nenashev [ oleg_nenashev ]

            Assignee: Unassigned
            Reporter: Jakub Bochenski (jbochenski)
            Votes: 1
            Watchers: 4
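The behaviour reported above, masking keyed on the variable name so that a second variable embedding the same secret is displayed in clear, shown next to masking keyed on the secret's value. This is an added example, not code from the Mask Passwords Plugin; the function names are assumptions, and the sample data is constructed from the values in the report.

```python
import re

MASK = "[*******]"  # mask token as shown in the report's output

# Constructed sample mirroring the report: a global password and a global env var using it.
GLOBAL_PASSWORDS = {"JENKINSPASS": "N0wC0mpr0miss3dS3cr3t"}
GLOBAL_ENV = {"ANT_OPTS": "-Djavax.net.ssl.keyStorePassword=${JENKINSPASS}"}

_REF = re.compile(r"\$\{(\w+)\}")


def resolve(env, passwords):
    """Expand ${NAME} references, as happens before the build sees the variables."""
    merged = dict(passwords)
    for name, template in env.items():
        merged[name] = _REF.sub(
            lambda m: passwords.get(m.group(1), m.group(0)), template)
    return merged


def mask_by_name(resolved, passwords):
    """Behaviour described in the report: only the password variable is masked."""
    return {k: (MASK if k in passwords else v) for k, v in resolved.items()}


def mask_by_value(resolved, passwords):
    """Hardened form: mask every occurrence of a secret value, in any variable."""
    # Longest first so a secret that contains another is replaced whole.
    secrets = sorted((s for s in passwords.values() if s), key=len, reverse=True)
    masked = {}
    for name, value in resolved.items():
        for secret in secrets:
            value = value.replace(secret, MASK)
        masked[name] = value
    return masked


def leaking_variables(displayed, passwords):
    """Names of displayed variables whose value still contains a secret."""
    return sorted(name for name, value in displayed.items()
                  if any(s and s in value for s in passwords.values()))


if __name__ == "__main__":
    resolved = resolve(GLOBAL_ENV, GLOBAL_PASSWORDS)
    for label, view in (("by name", mask_by_name(resolved, GLOBAL_PASSWORDS)),
                        ("by value", mask_by_value(resolved, GLOBAL_PASSWORDS))):
        print(label, view, "leaks:", leaking_variables(view, GLOBAL_PASSWORDS))
```

`leaking_variables` can also be run over an exported copy of a build's variable list to find other variables that embed a configured password.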