- Improvement
- Resolution: Unresolved
- Major
- None

Jenkins' GitHub authorization settings can be configured in the following ways:
- Allow authenticated GitHub users access to Jenkins (by checking the box)
- Disallow authenticated GitHub users from accessing the Jenkins instance
If option #1 is enabled, I'd expect a caution/warning message to appear describing the implications of this change, i.e. anyone with a GitHub account will be granted access to the Jenkins instance.
Today, checking that box potentially exposes code to people outside an organization, and it's an easy mistake to make between 'authenticated' and 'authorized'.