-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Platform: All, OS: All
On a site with security enabled: I'm not logged in as a user, but I can see the
page "tag this build". (I did not try it on the mentioned site.) Even if this
doesn't work, I should never see this page.
[JENKINS-478] anonymous user should not be able to tag sources
Resolution | New: Fixed [ 1 ] | |
Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Component/s | New: core [ 15593 ] | |
Component/s | Original: www [ 15484 ] |
Workflow | Original: JNJira [ 130551 ] | New: JNJira + In-Review [ 199916 ] |
Fixed in 1.103.
This was not just an UI issue but actually also a security issue. It allowed
anyone to tag the workspace.