Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-18884

Seperate Permission for People View to close Security Hole with AD Plugin

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Even when choosing the most restricted user rights (Role Plugin: Global Role only 1 Read), it is possible for every user to view the Jenkins User Id AND the name of the user (see screenshots).
      Working with an Active Directory for authentication, this means its possible for everybody to get the user names from AD AND the common names (Security Hole with AD Plugin?).

      Goal: create a Permission to allow specific People/Roles to see this User Account info and deny it to all others.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mreinhardt Martin Reinhardt
              Reporter:
              night_shift Annabella Schmidt
              Votes:
              20 Vote for this issue
              Watchers:
              24 Start watching this issue

                Dates

                Created:
                Updated: