[JENKINS-28910] No permission check when displaying job related information

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: xpath-config-viewer-plugin
Labels:
None
Environment:
XPath Configuration Viewer plugin version: 1.1.1

Similar Issues:
Powered by SuggestiMate

Show

The XPath Configuration Viewer plugin displays the job related information without checking the permissions of the current user. Even if a user logs out it is still possible to call the URL https://jenkinsinstance:8080/xpathviewer/index# and to get all information.

Bernhard Berbuir created issue - 2015-06-15 13:31

R. Tyler Croy made changes - 2016-07-25 23:51

Workflow

Original: JNJira [ 163774 ]

New: JNJira + In-Review [ 181368 ]

Boudoux Etienne made changes - 2016-12-15 21:13

Description

Original: The XPath Configuration Viewer plugin displays the job related information without checking the permissions of the current user. Even if a user logs out it is still possible to call the URL https://jenkinsinstance:8080/xpathviewer/index# and to get all information.

New: # The XPath Configuration Viewer plugin displays the job related information without checking the permissions of the current user. Even if a user logs out it is still possible to call the URL https://jenkinsinstance:8080/xpathviewer/index# and to get all information.

Assignee:: Unassigned

Reporter:: Bernhard Berbuir

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2015-06-15 13:31

Updated:: 2016-12-15 21:13

Jenkins

Details

Description

Attachments

Activity

People

Dates