-
Bug
-
Resolution: Duplicate
-
Blocker
-
None
When Subversion authorization credentials are stored, they can be abused by all Hudson users with Job Create permissions.
The only thing they have to do is create a new job and enter the right Subversion Repository URL. When working in an homogeneous hosting environment the url's aren't hard to guess.
https://svn.ourhost/name-project-A
https://svn.ourhost/name-project-B
https://svn.ourhost/name-project-C
...
- duplicates
-
JENKINS-1379 SVN credentials are keyed on hostname only
- Resolved