Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31610

User may view some information in credential-store of other users

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Environment:
    • Similar Issues:

      Description

      As a standard user, it is possible to directly access other user's credential-store when this is not a menu option provided to them.

      By manually entering another user's name into the location field of the browser, an unprivileged user can view the list of credentials in another users' credential-store. It doesn't appear to be possible to view the stored password, but all credentials information for a given user should be restricted from access by other users.

        Attachments

          Activity

            People

            • Assignee:
              stephenconnolly Stephen Connolly
              Reporter:
              jec Josh Cook
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: