Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Not A Defect
-
Jenkins : 2.121.2
config-file-provider-plugin : 3.2
Description
When using the plugin "config-file-provider", the configs files are readable by everyone with the right to create jobs.
When the user create a job, at the moment of choosing a config file, he can click on "view selected file" and have a full RO access on this files...
Attachments
Activity
Guillaume Lunik
added a comment - Seems legit
The issue can be closed
Thanks Guillaume Lunik
added a comment - intentional behavior 
I don't think this is a bug but the intention - everyone having permission to create a job should also be able to see the config-files hi is able to use within his jobs. If you have files which should not be seen by everyone, then you should create folders and place the config-files within the scope of a folder where only allowed users have permission to see it.