Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53753

Misleading documentation for permissions

    XMLWordPrintable

Details

    Description

      The plugin has an option to discover PRs from forks and only trust those with admin or write access. The documentation is misleading and makes it sound as thought this will block PRs from untrusted users from being built. Instead this causes the original Jenkinsfile to be used instead of the Jenkinsfile from the fork. Not only is the phrasing of the documentation misleading, it still allows for many vectors of attack such as changing a file that the original Jenkinsfile calls.

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-53752 Block PRs from forks from untrusted users

          • Major - Major loss of function.
          • Reopened

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-46795 Abort builds with untrusted Jenkinsfile, but only given passive cause

          • Major - Major loss of function.
          • In Review

          Activity

            People

              Unassigned Unassigned
              roguishmountain Sam Schwarz
              Votes:
              4 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated: