Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-68865

Don't show shield warning for disabled plugins

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • core
    • None

      Steps

      1. Visit a jenkins that has the Global Variable String Parameter plugin installed
      2. If the plugin isn't disabled, visit the plugin manager, disable it, and restart jenkins
      3. Visit jenkins again (if you had to restart it)
      4. Click the at the top of the jenkins
      5. See:
        Warnings have been published for the following currently installed components:Global Variable String Parameter 1.2 Stored XSS vulnerability
      6. Click Go to plugin manager (/pluginManager/)
      7. Click Installed (/pluginManager/installed)
      8. Type a substring of the plugin name to find it, e.g. string:
      9. Note that the plugin in question is clearly disabled
      10. File ticket

      Expected results

      1. If a plugin is disabled, I don't need to see a shield warning me about the plugin. It's sufficient to see the warning in the Installed page – which should be more than enough to block me from carelessly re-enabling a vulnerable plugin.
      2. The message should be changed to say:

        Warnings have been published for the following currently enabled components:

        1. image-2022-06-28-16-34-46-480.png
          image-2022-06-28-16-34-46-480.png
          41 kB
        2. image-2022-06-28-16-35-52-950.png
          image-2022-06-28-16-35-52-950.png
          2 kB
        3. image-2022-06-28-16-36-34-756.png
          image-2022-06-28-16-36-34-756.png
          31 kB

            Unassigned Unassigned
            jsoref Josh Soref
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: