Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31904

Plugin works even when authentication and security are enabled in jenkins

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Icon: Minor Minor
    • gitlab-hook-plugin
    • None
    • Jenkins 1.632, Ubuntu 14.04

      We have a jenkins server and a gitlab server hosted in our internal network and everything works fine. Recently we made our jenkins server available from the public internet and therefore enabled Matrix based security in the global security settings in jenkins. Everything still works fine. I do not have to change the web hook url within the gitlab repository.

      But that is not what i have expected. So now anyone who knows the public jenkins url can trigger the a job by calling the web hook url and passing the wright data. My thought was that this anonymous calls would be blocked. I know that other plugins need a username and password/token to work with secured jenkins systems. So did i miss something here or is it expected behavior?

            javiplx Javier Palacios
            4kochi Andreas Krummsdorf
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: