[JENKINS-23259] userContent can been browsed by anoymous users when security is enabled and discovery is disabled - Jenkins Jira

Type: Bug
Resolution: Not A Defect
Priority: Critical
Component/s: core
Labels:
None
Environment:
Ubuntu 14.04

Similar Issues:
Powered by SuggestiMate

Show

With security enabled and discovery disabled an unauthenticated user can browse any files in the userContent directory by going to http://server/userContent

This can be a big security risk for those who use the copy_to_slave plugin and store sensitive files in the userContent directory.

is related to

JENKINS-25146 When the anonymous user has no access rights, userContent is inaccessible

Resolved

Assignee:: Kohsuke Kawaguchi

Reporter:: Joseph Hughes

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2014-05-30 20:09

Updated:: 2015-10-09 16:50

Resolved:: 2014-05-31 15:25

Details

Description

Attachments

Issue Links

Activity

People

Dates