  1. Jenkins
  2. JENKINS-31610

User may view some information in credential-store of other users

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed

      Description

      As a standard user, it is possible to directly access other users' credential-store when this is not a menu option provided to them.

      By manually entering another user's name into the location field of the browser, an unprivileged user can view the list of credentials in another user's credential-store. It doesn't appear to be possible to view the stored password, but all credentials information for a given user should be restricted from access by other users.

          Activity

          jec Josh Cook created issue -
          jec Josh Cook made changes -
          Field Original Value New Value
          Component/s security [ 15508 ]
          scm_issue_link SCM/JIRA link daemon made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          romanp Roman Pickl made changes -
          Resolution Fixed [ 1 ]
          Status Resolved [ 5 ] Reopened [ 4 ]
          romanp Roman Pickl made changes -
          Status Reopened [ 4 ] Closed [ 6 ]
          Resolution Fixed [ 1 ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 167042 ] JNJira + In-Review [ 209447 ]
          ircbot Jenkins IRC Bot made changes -
          Component/s _unsorted [ 19622 ]
          Component/s security [ 15508 ]

            People

            • Assignee:
              stephenconnolly Stephen Connolly
              Reporter:
              jec Josh Cook