Jenkins / JENKINS-65949

Unauthenticated users can read all on asynchPeople link when Anonymous user has global read role


    Details

    • Type: Task
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
      None
    • Environment:
      jenkins 2.263.4, redHat 7, RoleBasedStrategy Plugin
      Description

      The error occurs when the anonymous user is granted global read permissions.
      All unauthenticated users can dump the information by entering the asynchPeople link.

      We are using the Roles plugin (Role based Strategy) and we grant the global read to the anonymous user so that all users have visibility of what the rest of the teams are doing.
      But in our organization, obtaining personal information from other users is considered a serious security violation.
      They should only have access to see the pipelines and folders.

          Activity

          d3camp0s Diego Campos created issue -
          d3camp0s Diego Campos made changes -
          Field | Original Value | New Value
          Attachment role_read_on_annonymous_user.png [ 55039 ]
          Attachment asynchPeople_can_read_user_unauthenticated.png [ 55040 ]
          d3camp0s Diego Campos made changes -
          Description | (earlier wording) | (current text, as shown in the Description above)
          d3camp0s Diego Campos made changes -
          Environment | jenkins 2.263.4, redHat 7 | jenkins 2.263.4, redHat 7, RoleBasedStrategy Plugin

            People

            Assignee: Unassigned
            Reporter: d3camp0s Diego Campos
            Votes: 0
            Watchers: 1
