Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34094

UpdateCenter.doConnectionStatus not access controlled

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      new Methods in UpdateCenter should really be access controlled.

      No root to exploit but at least doConnectionStatus may involve hitting remote servers.

      https://github.com/daniel-beck/jenkins/commit/1fe9cf7b7ada45230f2bc5b8e2f1bdb93175ff9f#diff-5998d19a549502e79eda1484cbd95945R292

        Attachments

          Activity

          Ascending order - Click to sort in descending order
          Hide
          Permalink
          danielbeck Daniel Beck added a comment -

          Let's just fix this towards 2.0.

          Show
          danielbeck Daniel Beck added a comment - Let's just fix this towards 2.0.
          Hide
          Permalink
          hrmpw Patrick Wolf added a comment -

          Is this going into the GA release Daniel Beck ?

          Show
          hrmpw Patrick Wolf added a comment - Is this going into the GA release Daniel Beck ?
          Hide
          Permalink
          danielbeck Daniel Beck added a comment -

          Patrick Wolf Yes. That's the idea anyway. While I don't think this could really be abused, let's just make sure and plug the hole.

          Show
          danielbeck Daniel Beck added a comment - Patrick Wolf Yes. That's the idea anyway. While I don't think this could really be abused, let's just make sure and plug the hole.
          Hide
          Permalink
          danielbeck Daniel Beck added a comment -

          PR sent: https://github.com/jenkinsci/jenkins/pull/2269

          Show
          danielbeck Daniel Beck added a comment - PR sent: https://github.com/jenkinsci/jenkins/pull/2269
          Hide
          Permalink
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/hudson/PluginManager.java
          core/src/main/java/hudson/PluginWrapper.java
          core/src/main/java/hudson/model/UpdateCenter.java
          core/src/main/java/hudson/model/UpdateSite.java
          core/src/main/java/hudson/model/View.java
          core/src/main/java/hudson/model/ViewDescriptor.java
          core/src/main/java/jenkins/model/Jenkins.java
          http://jenkins-ci.org/commit/jenkins/6f8540c34735621576876c6dfd423ff82996f5b1
          Log:
          [FIX JENKINS-34094] Add access control

          Also adds some API restrictions for JENKINS-33803.

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/java/hudson/PluginManager.java core/src/main/java/hudson/PluginWrapper.java core/src/main/java/hudson/model/UpdateCenter.java core/src/main/java/hudson/model/UpdateSite.java core/src/main/java/hudson/model/View.java core/src/main/java/hudson/model/ViewDescriptor.java core/src/main/java/jenkins/model/Jenkins.java http://jenkins-ci.org/commit/jenkins/6f8540c34735621576876c6dfd423ff82996f5b1 Log: [FIX JENKINS-34094] Add access control Also adds some API restrictions for JENKINS-33803 .
          Hide
          Permalink
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/hudson/PluginManager.java
          core/src/main/java/hudson/PluginWrapper.java
          core/src/main/java/hudson/model/UpdateCenter.java
          core/src/main/java/hudson/model/UpdateSite.java
          core/src/main/java/hudson/model/View.java
          core/src/main/java/hudson/model/ViewDescriptor.java
          core/src/main/java/jenkins/model/Jenkins.java
          http://jenkins-ci.org/commit/jenkins/f593885b661486ba0826f9e68c259448e41f8e3d
          Log:
          Merge pull request #2269 from daniel-beck/JENKINS-34094

          [FIX JENKINS-34094] Add access control

          Compare: https://github.com/jenkinsci/jenkins/compare/1891deee30d8...f593885b6614

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/java/hudson/PluginManager.java core/src/main/java/hudson/PluginWrapper.java core/src/main/java/hudson/model/UpdateCenter.java core/src/main/java/hudson/model/UpdateSite.java core/src/main/java/hudson/model/View.java core/src/main/java/hudson/model/ViewDescriptor.java core/src/main/java/jenkins/model/Jenkins.java http://jenkins-ci.org/commit/jenkins/f593885b661486ba0826f9e68c259448e41f8e3d Log: Merge pull request #2269 from daniel-beck/ JENKINS-34094 [FIX JENKINS-34094] Add access control Compare: https://github.com/jenkinsci/jenkins/compare/1891deee30d8...f593885b6614

            People

            Assignee:
            danielbeck Daniel Beck
            Reporter:
            teilo James Nord
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: