  1. Jenkins
  2. JENKINS-54538

Ability to save unmasked credentials to file

      Description

      It looks like saving the password variable from withCredentials using writeFile doesn't mask the password. I consider this to be a security vulnerability.

            Activity

            kon Kalle Niemitalo added a comment -

            https://jenkins.io/doc/pipeline/steps/credentials-binding/ says this is by design: "The masking could of course be trivially circumvented; anyone permitted to configure a job or define Pipeline steps is assumed to be trusted to use any credentials in scope however they like."

            t0mmili Tomasz Fijarczyk added a comment -

            Makes sense, can't believe I missed the obvious.

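Since masking only covers the build log and pipeline authors are trusted with credentials in scope, review of the Jenkinsfile is where a secret written to disk gets caught. The following is an added example, not part of the original issue or of Jenkins: a heuristic Python check that lists `writeFile` steps referencing variables bound by `withCredentials`. The function name `find_secret_writes` and the sample Jenkinsfile are constructed for illustration; the check works per line and does not track block scope.

```python
import re

# Credentials Binding parameters that name the variable a secret is bound to.
BINDING_VAR = re.compile(
    r"\b(?:variable|usernameVariable|passwordVariable|keyFileVariable|"
    r"passphraseVariable)\s*:\s*['\"](\w+)['\"]"
)
WRITE_FILE = re.compile(r"\bwriteFile\b")


def find_secret_writes(jenkinsfile: str):
    """Return (line_number, variable) pairs for writeFile steps that
    reference a variable bound somewhere in the file by withCredentials."""
    secrets = sorted(set(BINDING_VAR.findall(jenkinsfile)))
    findings = []
    for number, line in enumerate(jenkinsfile.splitlines(), 1):
        if not WRITE_FILE.search(line):
            continue
        for var in secrets:
            # Matches $VAR, ${VAR}, env.VAR and a bare VAR reference.
            if re.search(rf"\b{re.escape(var)}\b", line):
                findings.append((number, var))
    return findings


# Constructed sample pipeline (not taken from the issue).
SAMPLE = '''\
pipeline {
  agent any
  stages {
    stage('Deploy') {
      steps {
        withCredentials([usernamePassword(credentialsId: 'deploy-creds',
                                          usernameVariable: 'DEPLOY_USER',
                                          passwordVariable: 'DEPLOY_PASS')]) {
          sh 'deploy.sh'
          writeFile file: 'creds.txt', text: "${DEPLOY_USER}:${DEPLOY_PASS}"
          writeFile file: 'build-info.txt', text: "built by ${env.BUILD_TAG}"
        }
      }
    }
  }
}
'''

if __name__ == "__main__":
    for number, var in find_secret_writes(SAMPLE):
        print(f"line {number}: writeFile references bound credential {var}")
```

A finding is a prompt for review rather than proof of a leak: the file may be needed by the build, in which case the questions are where the workspace lives, who can read it, and whether the file is archived or cleaned up.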

              People

              • Assignee:
                Unassigned
                Reporter:
                t0mmili Tomasz Fijarczyk