How to Disable the visualization of Injected Environment variables in Jenkins

Jenkins SECURITY-248 states that I should "Disable the visualization of Injected Environment variables in the global configuration." I cannot find this setting in the Configuration. Any help will be appreciated.

Matthias Danetzky asked Mar 15 '18 09:03


2 Answers

You can do the following to make sure to address this security issue correctly:

  1. Check to see if you have any files affected by this security issue by executing this command: sudo find . -name "injectedEnvVars.txt"
  2. Delete all the files recursively by executing the following command: sudo find . -name "injectedEnvVars.txt" -delete
  3. Re-execute step #1 to make sure there are no files left.
  4. Go to the Jenkins instance and, from Configure Global Security, under Environment Injector Plugin, check "Do not show injected variables".
  5. From Configure Global Security, under Hidden security warnings, click on Security Warnings and then uncheck "Environment Injector Plugin: Exposure of sensitive build variables stored by EnvInject 1.90 and earlier". This will make sure to hide that error message so it doesn't appear again.

Reference: https://jenkins.io/security/advisory/2018-02-26/#SECURITY-248

Hassan Radi answered Sep 19 '22 17:09
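
Steps 1 to 3 of the answer above as a reusable script, added here as an example (it is not part of either answer): it scans an explicit directory instead of the current one, reports variable names that look sensitive without printing their values, then deletes the files and re-checks. The function names, the name patterns and the KEY=VALUE layout of injectedEnvVars.txt are assumptions, and the demo tree is constructed sample data.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer. Assumes each injectedEnvVars.txt
# holds KEY=VALUE lines; pass your own JENKINS_HOME instead of the demo tree.

# List every injectedEnvVars.txt under the given directory, one path per line.
list_injected() {
    find "$1" -type f -name 'injectedEnvVars.txt'
}

# Number of matching files still on disk.
count_injected() {
    list_injected "$1" | wc -l | tr -d ' '
}

# Print "file: NAME" for variable names that look sensitive. Values are never
# printed, so the report itself does not repeat the exposure.
flag_sensitive_names() {
    list_injected "$1" | while IFS= read -r f; do
        grep -Eio '^[A-Za-z0-9_.]*(pass|secret|token|key|credential)[A-Za-z0-9_.]*=' "$f" |
            while IFS= read -r name; do printf '%s: %s\n' "$f" "${name%=}"; done
    done
}

# Steps 2 and 3 of the answer in one call: delete, then re-scan.
# Returns non-zero if any file survived (for example, a permissions problem).
purge_injected() {
    find "$1" -type f -name 'injectedEnvVars.txt' -delete
    [ "$(count_injected "$1")" -eq 0 ]
}

# Constructed demo tree standing in for a Jenkins home (sample data only).
demo_home=$(mktemp -d)
mkdir -p "$demo_home/jobs/app/builds/1" "$demo_home/jobs/app/builds/2"
printf 'BUILD_NUMBER=1\nDB_PASSWORD=constructed-value\n' \
    > "$demo_home/jobs/app/builds/1/injectedEnvVars.txt"
printf 'BUILD_NUMBER=2\nAPI_TOKEN=constructed-value\n' \
    > "$demo_home/jobs/app/builds/2/injectedEnvVars.txt"

echo "files found: $(count_injected "$demo_home")"
flag_sensitive_names "$demo_home"
purge_injected "$demo_home" && echo "files left: $(count_injected "$demo_home")"
rm -rf "$demo_home"
```

Run the name report before the purge, since the files are the only record of which builds stored which variables.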


Configure Global Security: {buildhost}/configureSecurity/

At the bottom is "Do not show injected variables".

Mickster04 answered Sep 21 '22 17:09