  1. Jenkins
  2. JENKINS-18568

Security Issue: score may be modified in people -> configure screen

    Details

    • Type: Bug
    • Status: Open
    • Priority: Blocker
    • Resolution: Unresolved
    • Component/s: ci-game-plugin
    • Environment:
      Windows + Firefox browser session connected to remote Jenkins server

      Description

      In Jenkins, if a user accesses the People page, then accesses any user page, the score for that user is displayed in a disabled field. Using the Firefox HTML inspector (Firefox -> Web Developer -> Inspector), a user may click on the disabled field, then modify the value field for the game.score control in the inspector's view of the page source. Upon clicking save in Jenkins, the new score is committed to the scoreboard.

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              redsolo redsolo
              Reporter:
              burntcornmuffin Brandon McKenzie
            • Votes:
              1
              Watchers:
              2

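The report describes a server that accepts a client-supplied value for a field the page only marks as disabled. The Java example below is added here for illustration; it is not part of the original issue and is not ci-game-plugin code. Its class, method and `game.participating` names are hypothetical, and only the `game.score` field name comes from the report. It contrasts binding the submitted score with treating the score as server-owned state.

```java
import java.util.Map;

// Added illustration, not ci-game-plugin code. All names are hypothetical except
// the "game.score" field, which is taken from the report. Requires Java 16+.
public class ScoreFormDemo {
    // Hypothetical model of the per-user state kept on the server.
    record UserScore(double score, boolean participating) {}

    // Vulnerable pattern: every submitted field is bound, including the one the
    // page rendered as disabled, so the browser decides the stored score.
    static UserScore saveTrustingForm(UserScore current, Map<String, String> form) {
        String submitted = form.get("game.score");
        double score = submitted != null ? Double.parseDouble(submitted) : current.score();
        return new UserScore(score, "true".equals(form.get("game.participating")));
    }

    // Hardened pattern: the score is copied from stored state. A request that
    // tries to change it is rejected unless the server's own authorization
    // decision (passed in here as a flag) allows score administration.
    static UserScore saveServerOwned(UserScore current, Map<String, String> form,
                                     boolean callerMayEditScores) {
        double score = current.score();
        String submitted = form.get("game.score");
        if (submitted != null && Double.parseDouble(submitted) != current.score()) {
            if (!callerMayEditScores) {
                throw new SecurityException("game.score is read-only for this caller");
            }
            score = Double.parseDouble(submitted);
        }
        return new UserScore(score, "true".equals(form.get("game.participating")));
    }

    public static void main(String[] args) {
        UserScore stored = new UserScore(12.0, true);
        // Constructed request in which game.score was edited in the browser.
        Map<String, String> edited = Map.of("game.score", "9999", "game.participating", "true");
        System.out.println("trusting form: " + saveTrustingForm(stored, edited));
        try {
            saveServerOwned(stored, edited, false);
        } catch (SecurityException e) {
            System.out.println("server-owned:  rejected, " + e.getMessage());
        }
        // Constructed request that leaves the score alone: other settings still save.
        Map<String, String> normal = Map.of("game.score", "12.0", "game.participating", "false");
        System.out.println("server-owned:  " + saveServerOwned(stored, normal, false));
    }
}
```

The `callerMayEditScores` flag stands in for an access-control check made on the server; it must never be derived from the request itself.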