  1. Jenkins
  2. JENKINS-18884

Separate Permission for People View to close Security Hole with AD Plugin

      Description

      Even when choosing the most restricted user rights (Role Plugin: Global Role only 1 Read), it is possible for every user to view the Jenkins User Id AND the name of the user (see screenshots).
      Working with an Active Directory for authentication, this means it's possible for everybody to get the user names from AD AND the common names (Security Hole with AD Plugin?).

      Goal: create a Permission to allow specific People/Roles to see this User Account info and deny it to all others.

            Activity

            night_shift Annabella Schmidt created issue -
            night_shift Annabella Schmidt made changes -
            Field Original Value New Value
            Attachment Jenkins_PeopleView.png [ 24106 ]
            night_shift Annabella Schmidt made changes -
            Labels configuration jenkins matrix security configuration core jenkins matrix security
            ikedam ikedam made changes -
            Component/s core [ 15593 ]
            Component/s active-directory [ 15526 ]
            Component/s matrix [ 15501 ]
            Labels configuration core jenkins matrix security configuration core jenkins security
            oleg_nenashev Oleg Nenashev made changes -
            Component/s security [ 15508 ]
            jglick Jesse Glick made changes -
            Labels configuration core jenkins security configuration core jenkins permissions security
            jglick Jesse Glick made changes -
            Labels configuration core jenkins permissions security configuration permissions security
            jglick Jesse Glick made changes -
            Link This issue depends on JENKINS-26469 [ JENKINS-26469 ]
            jglick Jesse Glick made changes -
            Link This issue is related to SECURITY-115 [ SECURITY-115 ]
            haraldv Harald Villinger made changes -
            Environment CentOS CentOS,
            haraldv Harald Villinger made changes -
            Environment CentOS, CentOS
            Jenkins
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 150331 ] JNJira + In-Review [ 177613 ]
            danielbeck Daniel Beck made changes -
            Link This issue is related to SECURITY-514 [ SECURITY-514 ]
            night_shift Annabella Schmidt made changes -
            Attachment Jenkins_PeopleView.png [ 24105 ]
            mreinhardt Martin Reinhardt made changes -
            Assignee Martin Reinhardt [ mreinhardt ]
            oleg_nenashev Oleg Nenashev made changes -
            Labels configuration permissions security configuration permissions security security-hardening
            oleg_nenashev Oleg Nenashev made changes -
            Link This issue is duplicated by JENKINS-61316 [ JENKINS-61316 ]

              People

              Assignee:
              mreinhardt Martin Reinhardt
              Reporter:
              night_shift Annabella Schmidt
              Votes:
              20
              Watchers:
              24
