Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54538

Ability to save unmasked credentials to file

    XMLWordPrintable

Details

    Description

      It looks like saving password variable from withCredentials using writeFile doesn't mask the password. I consider this to be a security vulnerability.

      Attachments

        Issue Links

          Activity

            https://jenkins.io/doc/pipeline/steps/credentials-binding/ says this is by design: "The masking could of course be trivially circumvented; anyone permitted to configure a job or define Pipeline steps is assumed to be trusted to use any credentials in scope however they like."

            kon Kalle Niemitalo added a comment - https://jenkins.io/doc/pipeline/steps/credentials-binding/ says this is by design: "The masking could of course be trivially circumvented; anyone permitted to configure a job or define Pipeline steps is assumed to be trusted to use any credentials in scope however they like."

            Make sens, can't believe I missed the obvious

            t0mmili Tomasz Fijarczyk added a comment - Make sens, can't believe I missed the obvious

            People

              Unassigned Unassigned
              t0mmili Tomasz Fijarczyk
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: