
Overall.READ is sufficient to access /administrativeMonitor/hudsonHomeIsFull/

      This does not appear to really be an issue by itself, but it might be in the case of carelessly implemented solutions to this problem that don't check permissions in message.jelly and expose private data on the overview page (even if checking permissions for any associated actions).

          [JENKINS-23627] Overall.READ is sufficient to access /administrativeMonitor/hudsonHomeIsFull/

          Daniel Beck created issue -
          Jesse Glick made changes -
          Status Original: Untriaged [ 10001 ] New: Open [ 1 ]
          Jesse Glick made changes -
          Status Original: Open [ 1 ] New: Fix Prepared [ 10002 ]
          Jesse Glick made changes -
          Jesse Glick made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Fix Prepared [ 10002 ] New: Resolved [ 5 ]
          Jesse Glick made changes -
          Component/s New: core [ 15593 ]
          Component/s Original: core [ 15738 ]
          Key Original: SECURITY-134 New: JENKINS-23627
          Project Original: Security Issues [ 10180 ] New: Jenkins [ 10172 ]
          Workflow Original: Security v1.2 [ 154895 ] New: JNJira [ 156410 ]
          Jesse Glick made changes -
          Labels New: security
          Jesse Glick made changes -
          Labels Original: security New: lts-candidate security
          Daniel Beck made changes -
          Labels Original: lts-candidate security New: 1.565.1-fixed security
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 156410 ] New: JNJira + In-Review [ 195075 ]

            kohsuke Kohsuke Kawaguchi
            danielbeck Daniel Beck