
Separate Permission for People View to close Security Hole with AD Plugin

    • 2.452

      Even when choosing the most restricted user rights (Role Plugin: Global Role only 1 Read), it is possible for every user to view the Jenkins User Id AND the name of the user (see screenshots).
      Working with an Active Directory for authentication, this means it's possible for everybody to get the user names from AD AND the common names (Security Hole with AD Plugin?).

      Goal: create a Permission to allow specific People/Roles to see this User Account info and deny it to all others.

          [JENKINS-18884] Separate Permission for People View to close Security Hole with AD Plugin

          Annabella Schmidt created issue -
          Annabella Schmidt made changes -
          Attachment New: Jenkins_PeopleView.png [ 24106 ]
          Annabella Schmidt made changes -
          Labels Original: configuration jenkins matrix security New: configuration core jenkins matrix security
          ikedam made changes -
          Component/s New: core [ 15593 ]
          Component/s Original: active-directory [ 15526 ]
          Component/s Original: matrix [ 15501 ]
          Labels Original: configuration core jenkins matrix security New: configuration core jenkins security
          Oleg Nenashev made changes -
          Component/s Original: security [ 15508 ]
          Jesse Glick made changes -
          Labels Original: configuration core jenkins security New: configuration core jenkins permissions security
          Jesse Glick made changes -
          Labels Original: configuration core jenkins permissions security New: configuration permissions security
          Jesse Glick made changes -
          Link New: This issue depends on JENKINS-26469 [ JENKINS-26469 ]
          Jesse Glick made changes -
          Link New: This issue is related to SECURITY-115 [ SECURITY-115 ]
          Harald Villinger made changes -
          Environment Original: CentOS New: CentOS,
          Harald Villinger made changes -
          Environment Original: CentOS, New: CentOS
          Jenkins

            danielbeck Daniel Beck
            night_shift Annabella Schmidt
            Votes: 21
            Watchers: 29

              Created:
              Updated:
              Resolved: