Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-1868

Anonymous user can change user description

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: _unsorted
    • Labels:
      None
    • Environment:
      Platform: All, OS: All
    • Similar Issues:

      Description

      An anonymous user can change the description of an registered user (matrix based
      security), the anonymous user has read rights under "common" (german: Allgemein).

        Attachments

          Activity

          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in hudson
          User: : kohsuke
          Path:
          trunk/hudson/main/core/src/main/java/hudson/model/User.java
          trunk/www/changelog.html
          http://fisheye4.cenqua.com/changelog/hudson/?cs=10157
          Log:
          [FIXED JENKINS-1868] Requiring ADMINISTER permission to update description, mainly just because that's what the doConfigSubmit method is doing. This change will be in 1.226.

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in hudson User: : kohsuke Path: trunk/hudson/main/core/src/main/java/hudson/model/User.java trunk/www/changelog.html http://fisheye4.cenqua.com/changelog/hudson/?cs=10157 Log: [FIXED JENKINS-1868] Requiring ADMINISTER permission to update description, mainly just because that's what the doConfigSubmit method is doing. This change will be in 1.226.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            jiai jiai
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: