[JENKINS-28298] Can bypass the security check of authorize-project with CLI and REST of Jenkins 1.580.1

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: authorize-project-plugin
Labels:
None
Environment:
Jenkins 1.580.1
authorize-project 1.0.3

Similar Issues:
Powered by SuggestiMate

Show

When running tests of authorize-project with Jenkins 1.580.1, tests failed as following:

SpecificUsersAuthorizationStrategyTest.testCliFailure:689 Values should be different. Actual: 0
SpecificUsersAuthorizationStrategyTest.testRestInterfaceFailure:525 null

This might mean you can bypass the security checks of authorize-project.

depends on

JENKINS-28440 Allow to reject specific configurations via REST and CLI

Resolved

is related to

JENKINS-22469 SpecificUsersAuthorizationStrategy easily bypassed by REST/CLI

Closed

ikedam created issue - 2015-05-07 22:23

ikedam made changes - 2015-05-10 00:55

Link

New: This issue is related to ~~JENKINS-22469~~ [ ~~JENKINS-22469~~ ]

ikedam made changes - 2015-05-17 00:55

Link

New: This issue depends on ~~JENKINS-28440~~ [ ~~JENKINS-28440~~ ]

SCM/JIRA link daemon made changes - 2016-03-27 03:04

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

ikedam made changes - 2016-03-27 04:14

Status

Original: Resolved [ 5 ]

New: Closed [ 6 ]

R. Tyler Croy made changes - 2016-07-26 00:01

Workflow

Original: JNJira [ 163133 ]

New: JNJira + In-Review [ 208751 ]

Assignee:: ikedam

Reporter:: ikedam

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2015-05-07 22:23

Updated:: 2016-03-27 04:14

Resolved:: 2016-03-27 03:04

Jenkins

Details

Description

Attachments

Issue Links

Activity

People

Dates