Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53753

Misleading documentation for permissions

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The plugin has an option to discover PRs from forks and only trust those with admin or write access. The documentation is misleading and makes it sound as thought this will block PRs from untrusted users from being built. Instead this causes the original Jenkinsfile to be used instead of the Jenkinsfile from the fork. Not only is the phrasing of the documentation misleading, it still allows for many vectors of attack such as changing a file that the original Jenkinsfile calls.

        Attachments

          Issue Links

            Activity

            roguishmountain Sam Schwarz created issue -
            abayer Andrew Bayer made changes -
            Field Original Value New Value
            Link This issue relates to JENKINS-53752 [ JENKINS-53752 ]
            abayer Andrew Bayer made changes -
            Labels security security triaged-2018-11

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              roguishmountain Sam Schwarz
              Votes:
              4 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated: