Bamboo exposes username and password if Git checkout fails.

XMLWordPrintable

      If the repository checkout fails, the username and password are exposed in plain text on the web interface and in the logs.

      To reproduce:

      Environment: on-demand instance version 5.2-OD-4, Build 4004

      1. Create a plan that checks out a git repository using https with authentication.
      2. Run plan
      3. Do something to cause the Source Code Checkout task to fail. This may be simulated by changing the permissions of the build dir on the build server or by changing the network connectivity between the build server and the remote repository. I'm sure there are other scenarios as well that will cause the checkout to fail.
      4. Re-run plan.

        1. Logs.png
          Logs.png
          27 kB
        2. ui.png
          ui.png
          44 kB

              Assignee:
              Unassigned
              Reporter:
              Brian
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: