
Plugin allows rebuild builds with manually entered passwords in Jenkins Password Parameter field

    • Type: New Feature
    • Resolution: Unresolved
    • Priority: Minor
    • Component: rebuild-plugin
    • Environment: Jenkins 2.397, Rebuilder 320.v5a_0933a_e7d61

      Hello.

      Is it possible to add a setting that allows controlling the possibility to rebuild builds with a manually entered password (in a Password Parameter) only for the users who started these builds, not for all users?

      Now, if one user starts a build and enters their own credentials, another user who has access to the job can rebuild the build with the first user's credentials.

          Wadeck Follonier added a comment - edited

          Be careful, this could introduce a security vulnerability. Being able to see the password entered by someone else is not a desired feature.

          Geoff Alexander added a comment

          I'm not sure how this feature would introduce a security vulnerability, as it doesn't require making password fields visible. All it does (if I understand correctly) is request that builds containing password fields only be "rebuildable" by the user that started the build, so as to prevent user B from being able to run a build by rebuilding using user A's password.

          Wadeck Follonier added a comment

          gdlxn That's the point of the "could introduce" warning: if it's implemented in the wrong way, it will introduce a vulnerability. Checking for the user has to be done.

          Geoff Alexander added a comment - edited

          Another way to fix this problem, suggested to me by a colleague, would be to have rebuild simply clear all password fields, requiring them to be reentered on each rebuild. This might be easier to implement.

          This solution is even more secure than the originally proposed solution. Say that a user runs a build using his or her password. Later the user's password is revoked. The originally proposed solution of checking the user would allow the user to rebuild even though his or her password has been revoked. Forgetting passwords on rebuild and requiring them to be reentered on each rebuild addresses this scenario.

          And I do consider this problem to be a bug rather than a feature request. I would say the priority should be higher than Minor, as this problem exposes a significant security vulnerability. I've had to disable the Rebuild plugin on my Jenkins server as I have a pipeline that uses a password parameter. This is a significant impact to my Jenkins users.

          Geoff Alexander added a comment

          A colleague of mine pointed out that the Rebuilder plugin source has a RebuildConfiguration class with a rememberPasswordEnabled field (see the Javadoc and source). Is the rememberPasswordEnabled configuration actually used? Is there a way to configure rememberPasswordEnabled on an installed and enabled Rebuilder plugin?

          Geoff Alexander added a comment

          Also, when I bring up the configuration for my pipeline, I see a Rebuild options section, but it doesn't contain an option for remembering passwords.

          Geoff Alexander added a comment

          My colleague found the Rebuild plugin remember password option. It's under Dashboard > Manage Jenkins > System.

          Once we disabled this option, the Rebuild plugin no longer remembers passwords on rebuild.
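The thread ends with the mitigation (turn off "Remember password" under Manage Jenkins > System) but gives no way to find which jobs are exposed in the first place. The following Jenkins script-console Groovy is an added example, not code from the issue or from the Rebuilder plugin; it inventories jobs that declare a Password Parameter and counts the stored builds that carry a password value, which is the set of builds another user could replay through rebuild while the option is enabled. It assumes the Rebuilder plugin's short name is "rebuild" and uses only Jenkins core classes.

```groovy
// Added audit script (run in Manage Jenkins > Script Console). Not part of the issue
// or the Rebuilder plugin; it uses Jenkins core model classes only.
import hudson.model.Job
import hudson.model.ParametersAction
import hudson.model.ParametersDefinitionProperty
import hudson.model.PasswordParameterDefinition
import hudson.model.PasswordParameterValue
import jenkins.model.Jenkins

def jenkins = Jenkins.get()

// Assumption: the Rebuilder plugin's short name is "rebuild". If it is not installed,
// the rebuild-replay risk described in the issue does not apply.
def rebuildPlugin = jenkins.pluginManager.getPlugin("rebuild")
if (rebuildPlugin == null || !rebuildPlugin.isActive()) {
    println "Rebuilder plugin not installed/active; nothing to audit for this issue."
    return
}

def exposed = []
jenkins.getAllItems(Job).each { job ->
    def prop = job.getProperty(ParametersDefinitionProperty)
    if (prop == null) return
    def pwDefs = prop.parameterDefinitions.findAll { it instanceof PasswordParameterDefinition }
    if (pwDefs.isEmpty()) return

    // Count retained builds whose ParametersAction still holds a PasswordParameterValue:
    // each of these is a build the plugin could rebuild with the original submitter's secret.
    int buildsWithSecrets = job.builds.count { build ->
        def action = build.getAction(ParametersAction)
        action != null && action.parameters.any { it instanceof PasswordParameterValue }
    }
    exposed << [job: job.fullName, params: pwDefs*.name, builds: buildsWithSecrets]
}

exposed.each {
    println "${it.job}: password parameters ${it.params}, ${it.builds} retained build(s) carry a password value"
}
println "${exposed.size()} job(s) declare a Password Parameter."
println "Confirm 'Remember password' is disabled under Manage Jenkins > System (Rebuild options)," +
        " or restrict rebuild permission on the jobs listed above."
```

The script only lists job names and parameter names; it never prints the secret values themselves.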

            stanislavstryukov Stanislav