Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25033

Credentials metadata leaks

XMLWordPrintable

      doFillCredentialsIdItems in DockerBuilderNewTemplate, DockerBuilderControlOptionRun, DockerTemplate should do some kind of security check, probably

      if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
    return new ListBoxModel();
}

      (or something more specific if you have it) lest they expose credentials IDs and descriptions to anonymous users.

            ndeloof Nicolas De Loof
            jglick Jesse Glick
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: