Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46353

Anonymous user can search for actual users

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • ldap-plugin
    • None

      With overall read access an anonymous user can use the top right search box to find what LDAP users exist.
      Beginning to enter a name will auto-complete it e.g. "John" auto-completes to "John Doe".

      This gives an anonymous user the opportunity to find the user ids.
      These user ids could then be used to find a user with a weak password.

          [JENKINS-46353] Anonymous user can search for actual users

          Matthias Fuchs created issue -
          Oleg Nenashev made changes -
          Assignee Original: Kohsuke Kawaguchi [ kohsuke ]

            Unassigned Unassigned
            mfuchs Matthias Fuchs
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: