Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64392

Upgrading workflow-cps to 2.85 or later leaks credentials in ui

    XMLWordPrintable

Details

    Description

      When viewing logs credentials are hidden as expected. But when in blueocean or viewing logs in the branch builds overview the "title" used to be "Shell Script (self time 3s)" but now includes the command but doesn't remove the secret when using withVault. 

      withCredentials will have a title of "echo ${TEXT} | wc" Good

      withVault will have a title of "echo cred123 | wc " Bad

      I don't know if this is an issue with workflow-cps or one of the hashicorp-vault plugins but it seem like there was a change in workflow-cps:2.85 that added the command to the title and now I can see credentials.

      Currently using
      hashicorp-vault-pipeline:1.3
      hashicorp-vault-plugin:3.6.1

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-64338 Credentials of pipeline jobs not properly masked in the UI when using withVault

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              scddev Dietmar Scheidl
              adamphillips Adam
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: