Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54538

Ability to save unmasked credentials to file

    Details

    • Similar Issues:

      Description

      It looks like saving password variable from withCredentials using writeFile doesn't mask the password. I consider this to be a security vulnerability.

        Attachments

          Activity

          Hide
          kon Kalle Niemitalo added a comment -

          https://jenkins.io/doc/pipeline/steps/credentials-binding/ says this is by design: "The masking could of course be trivially circumvented; anyone permitted to configure a job or define Pipeline steps is assumed to be trusted to use any credentials in scope however they like."

          Show
          kon Kalle Niemitalo added a comment - https://jenkins.io/doc/pipeline/steps/credentials-binding/ says this is by design: "The masking could of course be trivially circumvented; anyone permitted to configure a job or define Pipeline steps is assumed to be trusted to use any credentials in scope however they like."
          Hide
          t0mmili Tomasz Fijarczyk added a comment -

          Make sens, can't believe I missed the obvious

          Show
          t0mmili Tomasz Fijarczyk added a comment - Make sens, can't believe I missed the obvious

            People

            • Assignee:
              Unassigned
              Reporter:
              t0mmili Tomasz Fijarczyk
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: