Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63618

Branch (or repo) specifiers are obfuscated with credentials (security implications)


      If a branch (or repo) is named identically to a user id or password stored in credentials, Jenkins obfuscates the identifier in the logs. (ENV dump below.)


      For example, my username/password combo stored in credentials is folly/isthisexample. Let's say I named my branch isthisexample, then the branch name would be obfuscated with four asterisks ('***') in logs. Similarly, assume my org is named folly, then a branch or org named folly also would be obfuscated in logs.

      Besides the obvious implications for debugging checkouts and branch detections, this is a clear security risk. If I know a username but I don't know a password, all I need to do is build a branch with my best guess, and Jenkins will tell me that my password guess is correct by showing me four stars. Similarly a validation is also offered for usernames.

      Proposed solution: Repo and branch identifiers are not run through an obfuscation filter. Moreover, ONLY the credential-specific pieces should be run through an obfuscation filter.

            Unassigned Unassigned
            ingyhere John Engelke
            0 Vote for this issue
            4 Start watching this issue