Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-5542

Stored Subversion credentials can be abused

XMLWordPrintable

      When Subversion authorization credentials are stored, they can be abused by all Hudson users with Job Create permissions.
      The only thing they have to do is create a new job and enter the right Subversion Repository URL. When working in an homogeneous hosting environment the url's aren't hard to guess.
      https://svn.ourhost/name-project-A
      https://svn.ourhost/name-project-B
      https://svn.ourhost/name-project-C
      ...

            Unassigned Unassigned
            johanv johanv
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: