Jenkins / JENKINS-11323

dist-fork allows me too much privilege

      Description

      Quoting from #jenkins:
      [19:21] <sanga> we have a bunch of nodes running on windows boxes. where the node-agent is running with System rights.
      [19:22] <sanga> and our jenkins instance has the following security policy: anonymous users are allowed to run a build but you need to authenticate (and have the appropriate privileges) to configure a job
      [19:23] <sanga> however, with the dist-fork plugin I am able to run: "....dist-fork cmd"
      [19:23] <sanga> which will give me a terminal shell with system rights on the node
      [19:23] <sanga> without needing to authenticate...
      [19:25] <sanga> it seems to me that dist-fork is currently handled (in terms of access rights) as a job "run"
      [19:25] <sanga> whereas it should be handled as a job "configure"

          Activity

          oleg_nenashev Oleg Nenashev added a comment - Fixed the component

          jglick Jesse Glick added a comment - https://jenkins.io/security/advisory/2017-03-20/

            People

            Assignee: Unassigned
            Reporter: sanga