Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-19706

Masked Password Clearly visible as plain text in console output.

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

            • VERY CRITICAL *****

      Masked Password Clearly visible.

      When checkbox option "Pass build variables as properties" is marked as true. Global password will be clearly visible in console output. It was found in version 1.20, it was not in version 1.16.

      Please Fix this issue as soon as possible, as it is a security threat for us.

      For reference attaching image. in which global declared password visible clearly with msbuild command.

      but not visible when I echo in windows batch command.

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Gregory Boissinot
            Path:
            src/main/resources/hudson/plugins/msbuild/MsBuildBuilder/help-buildVariablesAsProperties.html
            src/main/resources/hudson/plugins/msbuild/MsBuildBuilder/help-buildVariablesAsProperties_fr.html
            http://jenkins-ci.org/commit/msbuild-plugin/0d7c081fa7351a2db14dd824ba6bba45e5cd587d
            Log:
            Fix JENKINS-19706 (same as JENKINS-19706)
            Sensitive variables will be excluded.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Gregory Boissinot Path: src/main/resources/hudson/plugins/msbuild/MsBuildBuilder/help-buildVariablesAsProperties.html src/main/resources/hudson/plugins/msbuild/MsBuildBuilder/help-buildVariablesAsProperties_fr.html http://jenkins-ci.org/commit/msbuild-plugin/0d7c081fa7351a2db14dd824ba6bba45e5cd587d Log: Fix JENKINS-19706 (same as JENKINS-19706 ) Sensitive variables will be excluded.
            Hide
            danielbeck Daniel Beck added a comment -

            Commit message probably was supposed to refer to JENKINS-19830.

            Show
            danielbeck Daniel Beck added a comment - Commit message probably was supposed to refer to JENKINS-19830 .

              People

              • Assignee:
                kdsweeney kdsweeney
                Reporter:
                arpitgold Arpit Nagar
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: