-
Improvement
-
Resolution: Duplicate
-
Minor
-
None
When a GitHub user outside an authorized organization log in into Jenkins, his access is denied but he has still a view on the Jenkins web UI (with no rights).
A simple 403 page without any Jenkins menu display would enhance the feeling of a strong "access denied".
I make this request because this was a remark from an external security audit of our tools. The idea is to reduce the attack surface.
- duplicates
-
JENKINS-46962 Github Users Outside Organisation get an authenticated user in Jenkins.
-
- Open
-
[JENKINS-53364] github-oauth-plugin -Simpler 403 page
Link | New: This issue duplicates JENKINS-46962 [ JENKINS-46962 ] |
Resolution | New: Duplicate [ 3 ] | |
Status | Original: Open [ 1 ] | New: Closed [ 6 ] |