Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21635

"Build" permission is ignored, anyone can reach the link

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      At least while using project-based security, this module ignores the (lack of) Build permission and allows builds to be run by users without permission.

        Attachments

          Issue Links

            Activity

            byronbrummer Byron Brummer created issue -
            olivergondza Oliver Gondža made changes -
            Field Original Value New Value
            Labels permissions security permissions
            Priority Critical [ 2 ] Minor [ 4 ]
            olivergondza Oliver Gondža made changes -
            Link This issue duplicates JENKINS-23076 [ JENKINS-23076 ]
            Hide
            olivergondza Oliver Gondža added a comment -

            Closing as a duplicate of a bug that is already fixed.

            Show
            olivergondza Oliver Gondža added a comment - Closing as a duplicate of a bug that is already fixed.
            Hide
            olivergondza Oliver Gondža added a comment -

            Note that an attempt to actually build the job will be rejected with SecurityException, therefore this is not a security hole.

            Show
            olivergondza Oliver Gondža added a comment - Note that an attempt to actually build the job will be rejected with SecurityException, therefore this is not a security hole.
            olivergondza Oliver Gondža made changes -
            Summary Security hole: "Build" permission is ignored, anyone that can reach the link can run the job. "Build" permission is ignored, anyone can reach the link
            olivergondza Oliver Gondža made changes -
            Resolution Duplicate [ 3 ]
            Status Open [ 1 ] Resolved [ 5 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 153633 ] JNJira + In-Review [ 194621 ]

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              byronbrummer Byron Brummer
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: