Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-19724

Monitor Maven Process - Environment Variables allows user to see unencrypted passwords

    Details

    • Similar Issues:

      Description

      When running a maven job, it is possible to monitor the maven process.

      Upon clicking on the 'Monitor Maven Process' link (http://my-jenkins:8080/job/MyMavenJob/123/probe/?), a page opens with the following options in the left column:

      • System Properties
      • Environment Variables
      • Thread Dump
      • Script Console

      Clicking on either System Properties (http://my-jenkins:8080/job/MyMavenJob/123/probe/systemProperties) and/or Environment Variables (http://my-jenkins:8080/job/MyMavenJob/123/probe/envVars) it is possible to see all the passwords set in the Jenkins Management pages in plain text.

      In contrast, the Environment Variables of a free-style job show the same table, but with the encrypted Password values.
      http://my-jenkins:8080/job/MyFreeStyleJob/12/injectedEnvVars/?

      Am I doing anything wrong here or is there a bug in the presentation of such passwords?

      Just for completeness, I have the Mask Passwords Plugin installed and the following configured in my Maven Job.

      • Inject passwords to the build as environment variables
        • Global Passwords
      • Mask passwords (and enable global passwords)

      Thanks a lot,
      Steve

        Attachments

          Issue Links

            Activity

            Hide
            lostinberlin Steve Boardwell added a comment -
            Show
            lostinberlin Steve Boardwell added a comment - JENKINS-4428
            Hide
            lostinberlin Steve Boardwell added a comment -

            Duplicate of JENKINS-4428

            Show
            lostinberlin Steve Boardwell added a comment - Duplicate of JENKINS-4428

              People

              • Assignee:
                Unassigned
                Reporter:
                lostinberlin Steve Boardwell
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: