-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Minor
-
Component/s: core
-
Environment:jenkins 2.379
matrix-auth plugin 3.1.5
Jenkins supports specific permissions for viewing, creating, updating and deleting credentials.
When a user has Credentials.Update permission, but not Item.Configure permission for a specific item, he is able to visit the credentials update page.
But when he saves the dialog (without changing the concealed password), the credential entry is saved with '******' as password value.
These passwords obviously are rejected by the target systems.
Â
It seems there's a check for Item.Configure permission within hudson.Functions class which needs to be extended with a Credential.Update check.
