[JENKINS-44245] Scriptler Plugin allows any Scriptler script to be executed as build step

Type: Bug
Resolution: Fixed
Priority: Blocker
Component/s: scriptler-plugin
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

SECURITY-366
Scriptler Plugin executes any Scriptler scripts specified for the Scriptler build step in job configurations even though it is documented to only allow specific scripts to be included.
Users can therefore POST config.xml or use a similar approach to submit a job configuration containing a script that is not available from the UI. Additionally, jobs configured through the UI will continue to run specified scripts even after they have been reconfigured to not allow this inclusion.

SCM/JIRA link daemon added a comment - 2017-05-12 16:25

Code changed in jenkins
User: imod
Path:
src/main/java/org/jenkinsci/plugins/scriptler/builder/ScriptlerBuilder.java
http://jenkins-ci.org/commit/scriptler-plugin/d1986c8814824b461bce4e51293776ed99721de9
Log:
~~JENKINS-44245~~ / SECURITY-366 make sure script is allowed to be run in a builder

SCM/JIRA link daemon added a comment - 2017-05-12 16:25 Code changed in jenkins User: imod Path: src/main/java/org/jenkinsci/plugins/scriptler/builder/ScriptlerBuilder.java http://jenkins-ci.org/commit/scriptler-plugin/d1986c8814824b461bce4e51293776ed99721de9 Log: JENKINS-44245 / SECURITY-366 make sure script is allowed to be run in a builder

Assignee:: Dominik Bartholdi

Reporter:: Dominik Bartholdi

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017-05-12 16:16

Updated:: 2017-05-12 16:37

Resolved:: 2017-05-12 16:37

Jenkins

Details

Description

Attachments

Activity

Collapse comment: SCM/JIRA link daemon added a comment - 2017-05-12 16:25

Expand comment: SCM/JIRA link daemon added a comment - 2017-05-12 16:25

People

Dates