[JIRA] [envinject] (JENKINS-23447) Sensitive build variables recorded in EnvInjectSavable and displayed in EnvInjectAction

[jgl...@cloudbees.com (JIRA)]

Jesse Glick created JENKINS-23447 Sensitive build variables recorded in EnvInjectSavable and displayed in EnvInjectAction Issue Type: Bug Assignee: Gregory Boissinot Components: envinject Created: 16/Jun/14 2:03 PM Description: If you have a BuildWrapper which overrides makeSensitiveBuildVariables to specify that its additions are to be considered secret, then add an EnvInjectBuilder which adds some unrelated variables, injectedEnvVars.txt includes the sensitive variables (in plaintext) and /job/.../.../injectedEnvVars/ shows them as well. Environment: 1.89 in 1.554.2 Project: Jenkins Labels: security mask-passwords Priority: Critical Reporter: Jesse Glick

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.