Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21635

"Build" permission is ignored, anyone can reach the link

XMLWordPrintable

      At least while using project-based security, this module ignores the (lack of) Build permission and allows builds to be run by users without permission.

          [JENKINS-21635] "Build" permission is ignored, anyone can reach the link

          Byron Brummer created issue -
          Oliver Gondža made changes -
          Labels Original: permissions security New: permissions
          Priority Original: Critical [ 2 ] New: Minor [ 4 ]
          Oliver Gondža made changes -
          Link New: This issue duplicates JENKINS-23076 [ JENKINS-23076 ]

          Oliver Gondža added a comment -

          Closing as a duplicate of a bug that is already fixed.

          Oliver Gondža added a comment - Closing as a duplicate of a bug that is already fixed.

          Oliver Gondža added a comment -

          Note that an attempt to actually build the job will be rejected with SecurityException, therefore this is not a security hole.

          Oliver Gondža added a comment - Note that an attempt to actually build the job will be rejected with SecurityException, therefore this is not a security hole.
          Oliver Gondža made changes -
          Summary Original: Security hole: "Build" permission is ignored, anyone that can reach the link can run the job. New: "Build" permission is ignored, anyone can reach the link
          Oliver Gondža made changes -
          Resolution New: Duplicate [ 3 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 153633 ] New: JNJira + In-Review [ 194621 ]

            Unassigned Unassigned
            byronbrummer Byron Brummer
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: