  1. Jenkins
  2. JENKINS-23259

userContent can be browsed by anonymous users when security is enabled and discovery is disabled

    • Bug
    • Resolution: Not A Defect
    • Critical
    • core
    • None
    • Ubuntu 14.04

      With security enabled and discovery disabled, an unauthenticated user can browse any files in the userContent directory by going to http://server/userContent

      This can be a big security risk for those who use the copy_to_slave plugin and store sensitive files in the userContent directory.

            kohsuke Kohsuke Kawaguchi
            jjhughes57 Joseph Hughes
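Because the report describes files under userContent being readable without authentication, an administrator can audit that directory for material that should not be stored there. The following is an added example, not part of the original issue or of Jenkins itself; the `audit_user_content` helper, its name and content heuristics, and the `/var/lib/jenkins` fallback for `JENKINS_HOME` are assumptions.

```python
import os
import re
from pathlib import Path

# Assumption: heuristics chosen for this example; they are not a Jenkins feature.
SENSITIVE_NAMES = re.compile(
    r"(^id_(rsa|dsa|ecdsa|ed25519)$|\.(pem|key|p12|pfx|jks|keystore)$|"
    r"^\.?(netrc|htpasswd)$|credentials|secret|password)",
    re.I,
)
# Matches PEM headers such as "BEGIN PRIVATE KEY" or "BEGIN RSA PRIVATE KEY".
PRIVATE_KEY_HEADER = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def audit_user_content(root, max_bytes=65536):
    """Return (relative_path, reason) pairs for files that look sensitive."""
    findings = []
    root = Path(root)
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if SENSITIVE_NAMES.search(path.name):
            findings.append((rel, "sensitive-looking file name"))
            continue
        try:
            # Only the first max_bytes are inspected to keep the scan cheap.
            with open(path, "rb") as fh:
                head = fh.read(max_bytes)
        except OSError:
            findings.append((rel, "unreadable, review manually"))
            continue
        if PRIVATE_KEY_HEADER.search(head):
            findings.append((rel, "private key material"))
    return findings


if __name__ == "__main__":
    # Assumption: fallback path used when JENKINS_HOME is not set.
    home = os.environ.get("JENKINS_HOME", "/var/lib/jenkins")
    for rel, reason in audit_user_content(Path(home) / "userContent"):
        print(f"{rel}: {reason}")
```

Anything the script reports should be moved out of userContent to a location that is not served over HTTP.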