Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31611

Unprivileged user may access plugin uninstall form

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • None

      Through forceful browsing, it is possible to reach the uninstall page for plugins, e.g. http://$JENKINS_URL/pluginManager/plugin/saml/uninstall

      Submitting the form results in an accessed denied exception. This form should not be reachable for normal users.

          [JENKINS-31611] Unprivileged user may access plugin uninstall form

          Josh Cook created issue -
          Josh Cook made changes -
          Labels Original: plugins security New: authorization plugins security
          Daniel Beck made changes -
          Assignee New: Daniel Beck [ danielbeck ]
          Daniel Beck made changes -
          Labels Original: authorization plugins security
          Daniel Beck made changes -
          Component/s New: core [ 15593 ]
          Component/s Original: security [ 15508 ]
          Daniel Beck made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Daniel Beck made changes -
          Remote Link New: This issue links to "PR 2317 (Web Link)" [ 14272 ]
          SCM/JIRA link daemon made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 167043 ] New: JNJira + In-Review [ 198101 ]

            danielbeck Daniel Beck
            jec Josh Cook
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: