[JENKINS-4428] MavenProbeAction exposes password parameters - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Critical
Resolution: Fixed
Component/s: maven-plugin
Labels:
- security
Environment:
Platform: All, OS: All

Similar Issues:

Show

Description

Password parameters of Hudson jobs are visible in plain form when the job is
running. Look to "Monitor Maven Process/Environment Variables" view.

Attachments

Issue Links

is duplicated by

JENKINS-19724 Monitor Maven Process - Environment Variables allows user to see unencrypted passwords

Closed

is related to

JENKINS-23447 Sensitive build variables recorded in EnvInjectSavable and displayed in EnvInjectAction

Resolved

links to

CloudBees Internal OSS-645

Activity

Ascending order - Click to sort in descending order

View 9 older comments

Anders Hammar added a comment - 2015-08-17 07:36

https://github.com/jenkinsci/maven-plugin/pull/50

I don't know how to create an IT for this though. Somehow I need to trigger an action during the Maven build and not verify the outcome of a build.

Anders Hammar added a comment - 2015-08-17 07:36 https://github.com/jenkinsci/maven-plugin/pull/50 I don't know how to create an IT for this though. Somehow I need to trigger an action during the Maven build and not verify the outcome of a build.

Anders Hammar added a comment - 2016-02-18 12:56

Ping. Could someone review and merge please?

Anders Hammar added a comment - 2016-02-18 12:56 Ping. Could someone review and merge please?

SCM/JIRA link daemon added a comment - 2016-03-24 00:58

Code changed in jenkins
User: Anders Hammar
Path:
src/main/java/hudson/maven/MavenModuleSetBuild.java
src/main/java/hudson/maven/MavenProbeAction.java
http://jenkins-ci.org/commit/maven-plugin/3e970728b46198aa898e507963cc6da27d5ce8cf
Log:
[FIXED JENKINS-4428] MavenProbeAction exposes password parameters

Signed-off-by: Anders Hammar <anders@hammar.net>

SCM/JIRA link daemon added a comment - 2016-03-24 00:58 Code changed in jenkins User: Anders Hammar Path: src/main/java/hudson/maven/MavenModuleSetBuild.java src/main/java/hudson/maven/MavenProbeAction.java http://jenkins-ci.org/commit/maven-plugin/3e970728b46198aa898e507963cc6da27d5ce8cf Log: [FIXED JENKINS-4428] MavenProbeAction exposes password parameters Signed-off-by: Anders Hammar <anders@hammar.net>

SCM/JIRA link daemon added a comment - 2016-03-24 00:58

Code changed in jenkins
User: Olivier Lamy
Path:
src/main/java/hudson/maven/MavenModuleSetBuild.java
src/main/java/hudson/maven/MavenProbeAction.java
http://jenkins-ci.org/commit/maven-plugin/9c5eb51dda735450a6cc7a59201efe2cd795625a
Log:
Merge pull request #50 from andham/~~JENKINS-4428~~

[FIXED JENKINS-4428] MavenProbeAction exposes password parameters

Compare: https://github.com/jenkinsci/maven-plugin/compare/cc6027c7f38c...9c5eb51dda73

SCM/JIRA link daemon added a comment - 2016-03-24 00:58 Code changed in jenkins User: Olivier Lamy Path: src/main/java/hudson/maven/MavenModuleSetBuild.java src/main/java/hudson/maven/MavenProbeAction.java http://jenkins-ci.org/commit/maven-plugin/9c5eb51dda735450a6cc7a59201efe2cd795625a Log: Merge pull request #50 from andham/ JENKINS-4428 [FIXED JENKINS-4428] MavenProbeAction exposes password parameters Compare: https://github.com/jenkinsci/maven-plugin/compare/cc6027c7f38c...9c5eb51dda73

Arnaud Héritier added a comment - 2016-05-24 10:33

Fixed in 2.13

Arnaud Héritier added a comment - 2016-05-24 10:33 Fixed in 2.13

People

Assignee:: Anders Hammar

Reporter:: rtlusty

Votes:: 9 Vote for this issue

Watchers:: 12 Start watching this issue

Dates

Created:: 2009-09-09 23:16

Updated:: 2017-12-05 05:56

Resolved:: 2016-03-24 00:58