如何在Jenkins中禁用注入环境变量的可视化 [英] How to Disable the visualization of Injected Environment variables in Jenkins

问题描述

Jenkins SECURITY-248指出，我应该禁用全局配置中注入环境变量的可视化."我在配置中找不到此设置.任何帮助将不胜感激.

Jenkins SECURITY-248 states that I should "Disable the visualization of Injected Environment variables in the global configuration." I cannot find this setting in the Configuration. Any help will be appreciated.

推荐答案

您可以执行以下操作以确保正确解决此安全问题:

You can do the following to make sure to address this security issue correctly:

1. 通过执行以下命令来检查是否有受此安全问题影响的文件:sudo find . -name "injectedEnvVars.txt"
2. 通过执行以下命令来递归删除所有文件:sudo find . -name "injectedEnvVars.txt" -delete
3. 重新执行步骤1，以确保没有剩余文件.
4. 从Environment Injector Plugin下的Configure Global Security转到Do not show injected variables，转到Jenkins实例.
5. 在Hidden security warnings下的Configure Global Security中，单击Security Warnings，然后取消选中Environment Injector Plugin: Exposure of sensitive build variables stored by EnvInject 1.90 and earlier.这样可以确保隐藏该错误消息，使其不再出现.

1. Check to see if you have any files affected by this security issue by executing this command: sudo find . -name "injectedEnvVars.txt"
2. Delete all the files recursively by executing the following command: sudo find . -name "injectedEnvVars.txt" -delete
3. Re-execute step #1 to make sure there are no files left.
4. Go to the Jenkins instance, from Configure Global Security under Environment Injector Plugin check Do not show injected variables.
5. From Configure Global Security under Hidden security warnings, click on Security Warnings and then uncheck Environment Injector Plugin: Exposure of sensitive build variables stored by EnvInject 1.90 and earlier. This will make sure to hide that error message so it doesn’t appear again.

参考: https://jenkins.io/security/advisory/2018-02-26/#SECURITY-248

这篇关于如何在Jenkins中禁用注入环境变量的可视化的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！