[JENKINS-54538] Ability to save unmasked credentials to file

Type: Bug
Resolution: Not A Defect
Priority: Major
Component/s: credentials-binding-plugin
Labels:
None
Environment:
Jenkins 2.149 - Credential Binding 1.17

Similar Issues:
Powered by SuggestiMate

Show

It looks like saving password variable from withCredentials using writeFile doesn't mask the password. I consider this to be a security vulnerability.

relates to

JENKINS-50242 withCredentials step masking easily bypassed

Resolved

Kalle Niemitalo added a comment - 2019-11-27 16:31

https://jenkins.io/doc/pipeline/steps/credentials-binding/ says this is by design: "The masking could of course be trivially circumvented; anyone permitted to configure a job or define Pipeline steps is assumed to be trusted to use any credentials in scope however they like."

Kalle Niemitalo added a comment - 2019-11-27 16:31 https://jenkins.io/doc/pipeline/steps/credentials-binding/ says this is by design: "The masking could of course be trivially circumvented; anyone permitted to configure a job or define Pipeline steps is assumed to be trusted to use any credentials in scope however they like."

Tomasz Fijarczyk added a comment - 2019-11-27 19:58

Make sens, can't believe I missed the obvious

Tomasz Fijarczyk added a comment - 2019-11-27 19:58 Make sens, can't believe I missed the obvious

Assignee:: Unassigned

Reporter:: Tomasz Fijarczyk

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2018-11-08 11:06

Updated:: 2020-02-29 07:19

Resolved:: 2019-11-27 19:59

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Kalle Niemitalo added a comment - 2019-11-27 16:31

Expand comment: Kalle Niemitalo added a comment - 2019-11-27 16:31

Collapse comment: Tomasz Fijarczyk added a comment - 2019-11-27 19:58

Expand comment: Tomasz Fijarczyk added a comment - 2019-11-27 19:58

People

Dates