Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-56905

Script-security plugin enable print password credentials without approbation

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Critical
    • Resolution: Unresolved
    • Component/s: script-security-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.107.3
      script-security-plugin 1.44 or above
    • Similar Issues:

      Description

      In pipeline job, it' s possible to invocate Jenkins.instance and parse globals credentials and print credentials password.

      Need to deselect Use groovy Sandbox. User just need to have job/read/ job/build and Global/read.

      script-security plugin in version 1.44 or above.

        Attachments

          Activity

          olivieratsncf olivier G created issue -
          abayer Andrew Bayer made changes -
          Field Original Value New Value
          Assignee Andrew Bayer [ abayer ]

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            olivieratsncf olivier G
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: