Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-15277

Check view permissions before showing config page

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      In case of views, permissions are checked during form submission allowing to show config page also for unauthorized users.

        Attachments

          Activity

          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Vojtech Juranek
          Path:
          core/src/main/resources/hudson/model/View/configure.jelly
          http://jenkins-ci.org/commit/jenkins/452f4f1c74dd8369644218cd808a16a6376b728b
          Log:
          [Fixed JENKINS-15277] Check permissions before showing config page as we did in all other cases

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Vojtech Juranek Path: core/src/main/resources/hudson/model/View/configure.jelly http://jenkins-ci.org/commit/jenkins/452f4f1c74dd8369644218cd808a16a6376b728b Log: [Fixed JENKINS-15277] Check permissions before showing config page as we did in all other cases
          Hide
          vjuranek vjuranek added a comment -

          Changed to critical to spot it when searching for LTS backports, as it has some security consequences.

          Show
          vjuranek vjuranek added a comment - Changed to critical to spot it when searching for LTS backports, as it has some security consequences.
          Hide
          dogfood dogfood added a comment -

          Integrated in jenkins_main_trunk #1947
          [Fixed JENKINS-15277] Check permissions before showing config page as we did in all other cases (Revision 452f4f1c74dd8369644218cd808a16a6376b728b)

          Result = SUCCESS
          Vojtech Juranek : 452f4f1c74dd8369644218cd808a16a6376b728b
          Files :

          • core/src/main/resources/hudson/model/View/configure.jelly
          Show
          dogfood dogfood added a comment - Integrated in jenkins_main_trunk #1947 [Fixed JENKINS-15277] Check permissions before showing config page as we did in all other cases (Revision 452f4f1c74dd8369644218cd808a16a6376b728b) Result = SUCCESS Vojtech Juranek : 452f4f1c74dd8369644218cd808a16a6376b728b Files : core/src/main/resources/hudson/model/View/configure.jelly

            People

            Assignee:
            vjuranek vjuranek
            Reporter:
            vjuranek vjuranek
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: