We are currently evaluating the use of the hp-application-automation-tools-plugin in our setup to better integrate the mf tools with our established CI/CD pipeline. The huge amount of functionality packed into one plugin makes it hared to see the side effects.
After installation of the plugin we observed that internal data about the Jenkins installation and Job names is exposed at the Url: https://<jenkinsRoot>/userContent/nga/logs/ to users with minimum permissions on the Jenkins install. The data includes Jobs that are not related to the mf integration at all.
This does not feel right at other places this information is well hidden for users without permission. Is this an error in our setup?