-
Bug
-
Resolution: Fixed
-
Major
-
None
In Jenkins 1.480.2.1 it is possible to create a view called '..'. Since actions on a view include the view name in the URL, '..' being interpreted as directory traversal is an issue. As such, it is not possible to view, edit, or delete a view with this name via standard methods.
To read more, see my post on StackOverflow.
http://stackoverflow.com/questions/14445729/how-to-delete-a-view-named/
[JENKINS-16608] View name allows '..'
Description |
Original:
In Jenkins 1.480.2.1 it is possible to create a view called '..'. Since actions on a view include the view name in the URL, '..' being interpreted as directory traversal is an issue. As such, it is not possible to view, edit, or delete a view with this name via standard methods. To read more, see my post on StackOverflow. |
New:
In Jenkins 1.480.2.1 it is possible to create a view called '..'. Since actions on a view include the view name in the URL, '..' being interpreted as directory traversal is an issue. As such, it is not possible to view, edit, or delete a view with this name via standard methods. To read more, see my post on StackOverflow. http://stackoverflow.com/questions/14445729/how-to-delete-a-view-named/ |
Component/s | New: core [ 15593 ] | |
Component/s | Original: view-job-filters [ 15736 ] | |
Assignee | Original: Jacob Robertson [ jacob_robertson ] |
Assignee | New: sogabe [ sogabe ] |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Workflow | Original: JNJira [ 147432 ] | New: JNJira + In-Review [ 192403 ] |