  1. Jenkins
  2. JENKINS-31904

Plugin works even when authentication and security are enabled in Jenkins

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: gitlab-hook-plugin
    • Labels:
      None
    • Environment:
      Jenkins 1.632, Ubuntu 14.04
      Description

      We have a Jenkins server and a GitLab server hosted in our internal network and everything works fine. Recently we made our Jenkins server available from the public internet and therefore enabled Matrix-based security in the global security settings in Jenkins. Everything still works fine. I do not have to change the webhook URL within the GitLab repository.

      But that is not what I expected. So now anyone who knows the public Jenkins URL can trigger a job by calling the webhook URL and passing the right data. My thought was that these anonymous calls would be blocked. I know that other plugins need a username and password/token to work with secured Jenkins systems. So did I miss something here, or is it expected behavior?

          Activity

          There are no comments yet on this issue.

            People

            Assignee:
            javiplx Javier Palacios
            Reporter:
            4kochi Andreas Krummsdorf
            Votes:
            0
            Watchers:
            1
