Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-5534

Access permissions are not taken into account when getting files via jobConfigHistory.

    Details

    • Similar Issues:

      Description

      Right now the plugin allows anonymous users to see configurations. This is true for the overview as well as operations as getConfig and showDiffs. Only users with the permission to change a job configuration should be able to see these.
      See:
      http://wiki.jenkins-ci.org/display/JENKINS/Making+your+plugin+behave+in+secured+Hudson
      for a reference how to avoid this.

        Attachments

          Activity

            People

            • Assignee:
              mfriedenhagen Mirko Friedenhagen
              Reporter:
              mfriedenhagen Mirko Friedenhagen
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: