Any sub process of bamboo is run under the account of the bamboo agent. If a user is using the script task he has the same permissions and can:
a) inspect the folders of other build jobs
b) inspect the environment variables of other build jobs and find sensitive details like passwords or tokens
Is there any way to prevent that?
Bamboo 5.9 will no longer be supported after June 12, 2017. What does this mean? As part of our End of Life policy, Atlassian supports major versions for two years after the first major iteratio...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot