
Input approval should only be granted to users with job build permission

      When there are no submitters specified on the workflow input step, anyone who can access the workflow build page can approve the input; only the read permission is required for this.

          [JENKINS-29346] Input approval should only be granted to users with job build permission

          Jesse Glick added a comment -

          Not exactly a duplicate, but an implementation of JENKINS-27134 would cover it, so marking it that way.


          Jesse Glick added a comment -

          Not really; the default permission should be better.


          Jesse Glick added a comment -

          Moving from JENKINS-27134:

          even admin permissions aren't enough to grant approval for an input step (even though you can rewrite the job totally with those permissions)

          In some sense the flip side of this: while the permission check when there is no submitter should be limited to those with BUILD, if you have CONFIGURE you should arguably be permitted to approve despite being omitted from submitter. Of course you could also just cancel the current build and adjust the job definition to allow people like yourself to approve for the future, so I am not convinced it is a good idea to allow non-submitter submissions.


          Andrew Bayer added a comment -

          This was actually fixed in SECURITY-576.

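An added example, not code from this issue or from the Jenkins project: a declarative Jenkinsfile that names the approvers explicitly through the input step's submitter option, so that approval does not depend on the default check applied when no submitter is given. The group name release-approvers, the stage names and the APPROVER parameter name are hypothetical.

```groovy
// Added example. 'release-approvers', the stage names and 'APPROVER' are hypothetical.
pipeline {
    agent none
    stages {
        stage('Build') {
            agent any
            steps {
                echo 'Building...'
            }
        }
        stage('Approve deploy') {
            steps {
                // Bound the wait so an unanswered prompt does not stay open indefinitely.
                timeout(time: 1, unit: 'HOURS') {
                    script {
                        // submitter: comma-separated user IDs or group names allowed to answer.
                        // submitterParameter: returns the approving user's ID so it can be logged.
                        def approver = input(
                            message: 'Deploy to production?',
                            ok: 'Deploy',
                            submitter: 'release-approvers',
                            submitterParameter: 'APPROVER'
                        )
                        echo "Deployment approved by ${approver}"
                    }
                }
            }
        }
        stage('Deploy') {
            agent any
            steps {
                echo 'Deploying...'
            }
        }
    }
}
```

With only submitterParameter set and no other parameters, the input step returns the approver's ID as a single value, which the echo line records in the build log.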

            Unassigned Unassigned
            alecharp Adrien Lecharpentier