Jenkins / JENKINS-20318

Security leak - passwords are visible in workspace (git / http)

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
      RHEL-6 / tomcat 1.7 / java 1.7.0_40

      Description

      Maven-Jobs with git-SCMs using http-URLs: The credentials are automatically attached to the URL for the remote repository. Thus the password is visible to all users reading the workspace-directory (see attachments).

      I know that the password >has< to be set somewhere. I suggest forcing the use of ~/.netrc. This file is visible to the build admin only!

      Note: This is not identical to JENKINS-4428!

            People

            • Assignee: ndeloof Nicolas De Loof
            • Reporter: chrisabit chrisabit
            • Votes: 2
            • Watchers: 8
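Added example, not part of the original report or of the Jenkins project's code: a check a build admin could run to find workspaces where an http(s) remote URL with an embedded password has been written to disk, reporting it with the password masked. It assumes the URL ends up in the workspace's `.git/config`; the sample config, host, user and password are constructed.

```python
import os
import re
from urllib.parse import urlsplit, urlunsplit

# Matches "url = ..." / "pushurl = ..." lines inside a git config file.
URL_KEY = re.compile(r"^\s*(?:url|pushurl)\s*=\s*(\S+)\s*$", re.IGNORECASE)

# Constructed sample; host, user and password are made up.
SAMPLE_CONFIG = """[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://builduser:s3cr3t@git.example.com/scm/project.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = https://git.example.com/scm/mirror.git
"""


def find_embedded_credentials(config_text):
    """Return (line_no, redacted_url) for each http(s) URL carrying a password."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = URL_KEY.match(line)
        if not match:
            continue
        parts = urlsplit(match.group(1))
        if parts.scheme in ("http", "https") and parts.password is not None:
            # Mask the password so the report itself leaks nothing.
            netloc = f"{parts.username}:***@{parts.netloc.rpartition('@')[2]}"
            findings.append((line_no, urlunsplit(parts._replace(netloc=netloc))))
    return findings


def scan_workspaces(root):
    """Walk a directory tree and check every .git/config found (assumed location)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == ".git" and "config" in filenames:
            path = os.path.join(dirpath, "config")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits += [(path, n, url) for n, url in find_embedded_credentials(fh.read())]
            dirnames[:] = []  # no need to descend into .git internals
    return hits


if __name__ == "__main__":
    for line_no, url in find_embedded_credentials(SAMPLE_CONFIG):
        print(f"line {line_no}: {url}")
```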