JENKINS-49697

Single quote in credentials password causing job crash

    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Component: artifactory-plugin
    • Environment: Jenkins 2.89.3, from the official Docker image: jenkins/jenkins:2.89.3

      Having one or more single quotes in the password of the user used by Artifactory causes the job to crash when using the Conan package manager during the ConanAddUser step.

      This is the classic SQL injection security hole. I just caught it because I'm running the job in a Docker container.

      I've looked through the plugin code and I found that the single and probably best place where this can be escaped is in https://github.com/JFrogDev/jenkins-artifactory-plugin/blob/master/src/main/java/org/jfrog/hudson/util/plugins/PluginsUtils.java#L67

      Or just before https://github.com/JFrogDev/jenkins-artifactory-plugin/blob/master/src/main/java/org/jfrog/hudson/util/Credentials.java#L43

      Since after this the password is scrambled and cannot be escaped anymore.

      In my desperation I've also asked on StackOverflow about this: https://stackoverflow.com/questions/48907089/jenkins-pipeline-with-docker-and-artifactory

       

            eyalbe Eyal Ben Moshe
            ovidiub13 Ovidiu-Florin Bogdan
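
The escaping the report asks for, shown as an added example that is not code from the plugin or from the reporter. It assumes the password ends up between single quotes in a command line that a shell parses, which the report does not state; `printf` stands in for the real command, and the function names and passwords are constructed.

```shell
#!/bin/sh
# Added example, not code from the Artifactory plugin. Assumption: the password
# is pasted between single quotes in a command line that a shell then parses.
# `printf` stands in for the real command; all passwords here are constructed.

# Quote a value for a POSIX shell: wrap it in single quotes and rewrite every
# embedded ' as '\'' (close the quote, emit an escaped quote, reopen).
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Unescaped form: the raw value goes straight between the quotes.
naive_cmdline() { printf "printf '%%s' '%s'" "$1"; }

# Escaped form: the value is quoted before it is placed in the command line.
safe_cmdline() { printf "printf '%%s' %s" "$(sq_quote "$1")"; }

# Parse and run a command line in a child shell, printing what the command
# received as its argument. A syntax error gives a non-zero exit status.
run_cmdline() { sh -c "$1" 2>/dev/null; }

# One quote: the unescaped line does not parse. Two quotes: it parses, but the
# command silently receives a different password.
for pw in "s3cr'et" "a'b'c" "plain"; do
    naive=$(run_cmdline "$(naive_cmdline "$pw")") || naive="<shell syntax error>"
    safe=$(run_cmdline "$(safe_cmdline "$pw")") || safe="<shell syntax error>"
    printf 'password=%s  unescaped=%s  escaped=%s\n' "$pw" "$naive" "$safe"
done
```

Passing the password to the process as its own argument, with no shell parsing the command line, removes the need for quoting altogether.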