Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-14687

Password is exposed through browser option "view page source"

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The password you provide to Mask Password plugin is visible as plain text when you view the configure (either global or job specific) page sources.

        Attachments

          Issue Links

            Activity

            Hide
            gbois Gregory Boissinot added a comment -

            For information, the EnvInject plugin meets your need. It support password variables and passwords values are hidden when you source the generated page.

            Show
            gbois Gregory Boissinot added a comment - For information, the EnvInject plugin meets your need. It support password variables and passwords values are hidden when you source the generated page.
            Hide
            danielpetisme Daniel Petisme added a comment -

            The Mask password plugin aims to hide your passwords in the jobs console output...
            It can be an interesting/mandatory ER for the next release. I hope to have to time to spend on this improve. I keep you informed.

            Show
            danielpetisme Daniel Petisme added a comment - The Mask password plugin aims to hide your passwords in the jobs console output... It can be an interesting/mandatory ER for the next release. I hope to have to time to spend on this improve. I keep you informed.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Nicolas De Loof
            Path:
            src/main/resources/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsBuildWrapper/config.jelly
            http://jenkins-ci.org/commit/mask-passwords-plugin/9ba2d2b643610ba4e729164a59d94402d9a763eb
            Log:
            [FIXED JENKINS-14687] encrypt password in HTML

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Nicolas De Loof Path: src/main/resources/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsBuildWrapper/config.jelly http://jenkins-ci.org/commit/mask-passwords-plugin/9ba2d2b643610ba4e729164a59d94402d9a763eb Log: [FIXED JENKINS-14687] encrypt password in HTML
            Hide
            danielbeck Daniel Beck added a comment -

            Fix does not apply to global Jenkins config password form.

            Show
            danielbeck Daniel Beck added a comment - Fix does not apply to global Jenkins config password form.
            Hide
            jglick Jesse Glick added a comment -

            @danielbeck what do you mean by that? Are you referring to VarPasswordPair? The Jelly looks correct to me.

            Show
            jglick Jesse Glick added a comment - @danielbeck what do you mean by that? Are you referring to VarPasswordPair ? The Jelly looks correct to me.
            Show
            danielbeck Daniel Beck added a comment - Jesse Glick I meant global as in global.jelly : https://github.com/jenkinsci/mask-passwords-plugin/blob/master/src/main/resources/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsBuildWrapper/global.jelly#L48 The fix is incomplete.
            Hide
            jglick Jesse Glick added a comment -

            True, that should be using passwordAsSecret rather than password. A properly written test against Jenkins 1.551+ ought to fail given this kind of mistake: https://github.com/jenkinsci/jenkins/commit/bf53919

            Show
            jglick Jesse Glick added a comment - True, that should be using passwordAsSecret rather than password . A properly written test against Jenkins 1.551+ ought to fail given this kind of mistake: https://github.com/jenkinsci/jenkins/commit/bf53919
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            The issue has been resolved in 2.7.3

            Show
            oleg_nenashev Oleg Nenashev added a comment - The issue has been resolved in 2.7.3

              People

              • Assignee:
                danielpetisme Daniel Petisme
                Reporter:
                miktap Mikko Tapaninen
              • Votes:
                3 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: