[
https://issues.jenkins-ci.org/browse/JENKINS-12904?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=162916#comment-162916
]
Daniel Petisme commented on JENKINS-12904:
------------------------------------------
Indeed, the issue is related to Jenkins itself and it's not the plugin's fault.
We also encountered the issue.
Have a look at the [{{Mask Paswords
Plugin}}|https://wiki.jenkins-ci.org/display/JENKINS/Mask+Passwords+Plugin].
It'll mask the values you want and can automatically mask parameters values
(such as Password Parameters or Non-Stored Password Parameters).
> WAS Builder exposes username and password when using "system information" for
> the Master or Slave
> -------------------------------------------------------------------------------------------------
>
> Key: JENKINS-12904
> URL: https://issues.jenkins-ci.org/browse/JENKINS-12904
> Project: Jenkins
> Issue Type: Bug
> Components: was-builder
> Reporter: Walter Kacynski
> Assignee: Daniel Petisme
> Priority: Critical
> Labels: security
>
> I'm not sure if this is a problem with the plugin on Jenkins it self. The
> thread name of the was-builder task embeds the full command line which
> includes the username / password that was invoked. I see this as a security
> exposure when using the Jenkins ui.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
