Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Duplicate
Priority: Medium
Fix Version/s: None
Affects Version/s: None
Component/s: Tasks
Labels:
None

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

As a bamboo admin, I would like the value of a password within a commandline to be masked in the metadata view.

Steps to reproduce:

Create a global or plan variable which contains the string 'password' (in my example 'libraryPassword')
Create a script/commandline task with a commandline containing a reference to the plan variable, ${bamboo.libraryPassword}
Start a build.
Open the metadata view.

The password is shown in it's unmasked version as part of the commandline, but masked on every other place (logs and the variable itself).

My work around for now is to create a second script which reads the variable as a environment variable and calls the first script.

As a new user to bamboo, this security flaw is not obvious, certianly not when the variable settings page states that any variable containing the string 'password' will be masked.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

UnmaskedPassword.png
100 kB
28/Jan/2013 2:10 PM

Issue Links

is related to

BAM-12208 "password" variable shows in metadata

Closed

is cloned from: BDEV-2532 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: adambrengesjo

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Jan/2013 2:10 PM

Updated:: 19/Aug/2019 1:58 AM

Resolved:: 10/May/2013 3:44 AM