Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60962

credential plugin security issue

    XMLWordPrintable

Details

    • Bug
    • Resolution: Not A Defect
    • Blocker
    • credentials-plugin
    • None

    Description

      I'm currently using the credentials plugin to encrypt may username and password . However, in my pipeline script I found a way to hack the password by inserting a character in the password this causes the password to be printed clearly and since I'm the person who added the character if I removed it then I have the password.

       

      This causes a huge security issue for us.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-50242 withCredentials step masking easily bypassed

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-42950 credentials-binding-plugin not masking secret text when it includes a single quote

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              selmensh sara elmenshawy
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: