Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20318

Security leak - passwords are visible in workspace (git / http)

    Details

    • Similar Issues:

      Description

      Maven-Jobs with git-SCMs using http-URLs: The credentials are automatically attached to the URL for the remote repository. Thus the password is visible for all users reading the workspace-directory (see attachments).

      I know that the password >has< to be set somewhere. I suggest to force the usage of ~/.netrc. This file is visible for the build admin only!

      Note: This is not identical with JENKINS-4428!

        Attachments

          Activity

          chrisabit chrisabit created issue -
          chrisabit chrisabit made changes -
          Field Original Value New Value
          Attachment Jenkins_Workspace.png [ 24611 ]
          Attachment Jenkins_VisiblePassword.png [ 24612 ]
          ndeloof Nicolas De Loof made changes -
          Priority Critical [ 2 ] Major [ 3 ]
          chrisabit chrisabit made changes -
          Priority Major [ 3 ] Critical [ 2 ]
          markewaite Mark Waite made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          markewaite Mark Waite made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 151842 ] JNJira + In-Review [ 207093 ]

            People

            • Assignee:
              ndeloof Nicolas De Loof
              Reporter:
              chrisabit chrisabit
            • Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: