Incompatibility with Open telemetry plugin #300

Open
worldcompass opened this issue Mar 22, 2023 · 2 comments
@worldcompass

Jenkins and plugins versions report

Environment
Jenkins: 2.387.1
OS: Linux - 4.14.305-227.531.amzn2.x86_64
Java: 17.0.6 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
ace-editor:1.1
amazon-ecr:1.114.vfd22430621f5
analysis-model-api:10.23.1
ansicolor:1.0.2
antisamy-markup-formatter:159.v25b_c67cd35fb_
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
audit-trail:333.vb_e1b_b_0f1238c
authentication-tokens:1.4
aws-cloudwatch-library:1.11.136
aws-credentials:191.vcb_f183ce58b_9
aws-java-sdk:1.12.406-370.v8f993c987059
aws-java-sdk-cloudformation:1.12.406-370.v8f993c987059
aws-java-sdk-codebuild:1.12.406-370.v8f993c987059
aws-java-sdk-ec2:1.12.406-370.v8f993c987059
aws-java-sdk-ecr:1.12.406-370.v8f993c987059
aws-java-sdk-ecs:1.12.406-370.v8f993c987059
aws-java-sdk-efs:1.12.406-370.v8f993c987059
aws-java-sdk-elasticbeanstalk:1.12.406-370.v8f993c987059
aws-java-sdk-iam:1.12.406-370.v8f993c987059
aws-java-sdk-logs:1.12.406-370.v8f993c987059
aws-java-sdk-minimal:1.12.406-370.v8f993c987059
aws-java-sdk-sns:1.12.406-370.v8f993c987059
aws-java-sdk-sqs:1.12.406-370.v8f993c987059
aws-java-sdk-ssm:1.12.406-370.v8f993c987059
basic-branch-build-strategies:71.vc1421f89888e
blueocean:1.27.2
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.27.2
blueocean-commons:1.27.2
blueocean-config:1.27.2
blueocean-core-js:1.27.2
blueocean-dashboard:1.27.2
blueocean-display-url:2.4.1
blueocean-events:1.27.2
blueocean-git-pipeline:1.27.2
blueocean-github-pipeline:1.27.2
blueocean-i18n:1.27.2
blueocean-jira:1.27.2
blueocean-jwt:1.27.2
blueocean-personalization:1.27.2
blueocean-pipeline-api-impl:1.27.2
blueocean-pipeline-editor:1.27.2
blueocean-pipeline-scm-api:1.27.2
blueocean-rest:1.27.2
blueocean-rest-impl:1.27.2
blueocean-web:1.27.2
bootstrap4-api:4.6.0-5
bootstrap5-api:5.2.1-3
bouncycastle-api:2.27
branch-api:2.1071.v1a_188a_562481
build-name-setter:2.2.0
build-token-root:151.va_e52fe3215fc
build-user-vars-plugin:1.9
build-with-parameters:76.v9382db_f78962
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:1.8.1
cloudbees-bitbucket-branch-source:796.v6cb_1559e1673
cloudbees-folder:6.815.v0dd5a_cb_40e0e
clover:4.13.0
cloverphp:0.6
cobertura:1.17
code-coverage-api:3.5.0
command-launcher:90.v669d7ccb_7c31
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-36.vc008c8fcda_7b_
configuration-as-code:1569.vb_72405b_80249
copyartifact:686.v6fd37018d7c2
credentials:1214.v1de940103927
credentials-binding:523.vd859a_4b_122e6
data-tables-api:1.12.1-4
deploy-dashboard:0.1.0
display-url-api:2.3.7
docker-commons:419.v8e3cd84ef49c
docker-workflow:563.vd5d2e5c4007f
durable-task:504.vb10d1ae5ba2f
ec2:2.0.6
echarts-api:5.4.0-1
envinject:2.901.v0038b_6471582
envinject-api:1.199.v3ce31253ed13
extended-choice-parameter:359.v35dcfdd0c20d
extended-read-permission:3.2
extensible-choice-parameter:1.8.0
external-monitor-job:203.v683c09d993b_9
favorite:2.4.1
flock:1.0.1
font-awesome-api:6.2.1-1
forensics-api:1.17.0
git:5.0.0
git-client:4.1.0
git-parameter:0.9.18
git-server:99.va_0826a_b_cdfa_d
github:1.37.0
github-api:1.303-417.ve35d9dd78549
github-branch-source:1701.v00cc8184df93
global-variable-string-parameter:1.2
greenballs:1.15.1
groovy:453.vcdb_a_c5c99890
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
hashicorp-vault-plugin:360.v0a_1c04cf807d
htmlpublisher:1.31
http_request:1.16
ignore-committer-strategy:1.0.4
instance-identity:142.v04572ca_5b_265
ionicons-api:45.vf54fca_5d2154
jackson2-api:2.14.2-319.v37853346a_229
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:63.v62d2fd4b_4793
jenkins-design-language:1.27.2
jersey2-api:2.38-1
jira:3.9
jjwt-api:0.11.5-77.v646c772fddb_0
job-dsl:1.81
job-restrictions:0.8
jobConfigHistory:1207.vd28a_54732f92
jquery:1.12.4-1
jquery-detached:1.2.1
jquery3-api:3.6.1-2
jsch:0.1.55.61.va_e9ee26616e7
junit:1177.v90374a_ef4d09
kubernetes:3893.v73d36f3b_9103
kubernetes-client-api:6.4.1-215.v2ed17097a_8e9
kubernetes-credentials:0.10.0
ldap:659.v8ca_b_a_fe79fa_d
list-git-branches-parameter:0.0.13
lockable-resources:1131.vb_7c3d377e723
log-parser:2.3.0
mailer:448.v5b_97805e3767
mapdb-api:1.0.9-28.vf251ce40855d
mask-passwords:150.vf80d33113e80
matrix-auth:3.1.6
matrix-project:785.v06b_7f47b_c631
mercurial:1260.vdfb_723cdcc81
metrics:4.2.13-420.vea_2f17932dd6
mina-sshd-api-common:2.9.2-50.va_0e1f42659a_a
mina-sshd-api-core:2.9.2-50.va_0e1f42659a_a
momentjs:1.1.1
monitoring:1.92.0
mstest:1.0.0
node-iterator-api:49.v58a_8b_35f8363
okhttp-api:4.10.0-125.v3593b_a_f8c97b_
opentelemetry:2.11.0
pam-auth:1.10
parameterized-scheduler:1.2
performance:918.v5511b_a_d40338
pipeline-aws:1.43
pipeline-build-step:486.vd08f550cceee
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:629.vb_5627b_ee2104
pipeline-input-step:466.v6d0a_5df34f81
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2118.v31fd5b_9944b_5
pipeline-model-definition:2.2118.v31fd5b_9944b_5
pipeline-model-extensions:2.2118.v31fd5b_9944b_5
pipeline-rest-api:2.31
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2118.v31fd5b_9944b_5
pipeline-stage-view:2.31
pipeline-utility-steps:2.15.1
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:2.20.0
popper-api:1.16.1-3
popper2-api:2.11.6-2
powershell:2.0
prism-api:1.29.0-2
pubsub-light:1.17
saml:4.385.v4dea_91565e9d
scm-api:631.v9143df5b_e4a_a
script-security:1229.v4880b_b_e905a_6
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
sse-gateway:1.26
ssh-agent:327.v230ecd01f86f
ssh-credentials:305.v8f4381501156
ssh-slaves:2.877.v365f5eb_a_b_eec
sshd:3.275.v9e17c10f2571
stashNotifier:1.28
structs:324.va_f5d6774f3a_d
timestamper:1.22
token-macro:321.vd7cc1f2a_52c8
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
vsphere-cloud:2.27
warnings-ng:9.23.1
windows-slaves:1.8.1
workflow-aggregator:596.v8c21c963d92d
workflow-api:1208.v0cc7c6e0da_9e
workflow-basic-steps:1010.vf7a_b_98e847c1
workflow-cps:3641.vf58904a_b_b_5d8
workflow-durable-task-step:1234.v019404b_3832a
workflow-job:1282.ve6d865025906
workflow-multibranch:733.v109046189126
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c

What Operating System are you using (both controller, and any agents involved in the problem)?

OS: Linux - 4.14.305-227.531.amzn2.x86_64 - agent
Java: 17.0.6 - Eclipse Adoptium (OpenJDK 64-Bit Server VM) - agent

Reproduction steps

  1. Install hashicorp-vault-plugin (latest version)
  2. Install opentelemetry plugin (latest version)
  3. Run withVault step on agent.

Expected Results

Secrets are masked.

Actual Results

Secrets are visible as plaintext in console.

Anything else?

  1. The issue could be reproduced only on agent, not on master.
  2. Using the 336.v182c0fbaaeb7 plugin version provided a masked password in the console.
@nfj25

nfj25 commented Jun 27, 2023

Hello, isn't this related to this security advisory?
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3077

I was looking around and couldn't find an issue related to this security advisory... Am I missing something?

@worldcompass
Author

It is not the case, @nfj25.
After we changed the plugin version back, the same code prints a masked password.
