JENKINS-75154

Job Restrictions based on administrator access on specific node (job restrictions plugin)

We have tested the latest changes for this plugin in our test environment (PR: Security fixes by mPokornyETM - Pull Request #180 - jenkinsci/job-restrictions-plugin) and would like to provide some feedback on it:

Before updating the plugin to the latest version:
We could see that a regular user with no overall administrator rights that just has Configure permissions on the test node is able to configure job restrictions at node level.

After updating the plugin to the latest version:
The same test user is now not able to configure job restrictions at node level, as it gets an access denied error => the user impact could be significant.

As for the permissions check added:
Jenkins.get().checkPermission(Jenkins.ADMINISTER); -> This verifies if the user has overall administrator permissions in Jenkins. However, for using this plugin, we should ensure that the user has administrator rights to the specific node.

            moldomda Madalina
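
The difference between the two check scopes described in this report, as an added example that is not part of the original issue and is not Jenkins or plugin code. It is a simplified, self-contained model; the class, the permission names, the users and the node name are all constructed for illustration.

```java
import java.util.Map;
import java.util.Set;

// Simplified model of a global-scope check versus a node-scope check.
// Hypothetical names throughout; this does not call the Jenkins API.
public class NodeScopedCheckDemo {
    enum Permission { OVERALL_ADMINISTER, NODE_CONFIGURE }

    // Constructed sample data: permissions granted on the whole instance.
    static final Map<String, Set<Permission>> GLOBAL = Map.of(
        "admin", Set.of(Permission.OVERALL_ADMINISTER));

    // Constructed sample data: permissions granted on one node only.
    static final Map<String, Map<String, Set<Permission>>> PER_NODE = Map.of(
        "test-node", Map.of("testuser", Set.of(Permission.NODE_CONFIGURE)));

    // Global-scope check: only grants made on the instance itself count.
    static boolean hasGlobal(String user, Permission p) {
        return GLOBAL.getOrDefault(user, Set.of()).contains(p);
    }

    // Node-scope check: an overall administrator passes, otherwise the
    // grant must exist on that specific node. Unknown users or nodes
    // fall through to an empty set, so the check fails closed.
    static boolean hasOnNode(String user, String node, Permission p) {
        if (hasGlobal(user, Permission.OVERALL_ADMINISTER)) {
            return true;
        }
        return PER_NODE.getOrDefault(node, Map.of())
                       .getOrDefault(user, Set.of())
                       .contains(p);
    }

    public static void main(String[] args) {
        String[][] cases = {
            {"admin", "test-node"},
            {"testuser", "test-node"},   // the report's test user
            {"testuser", "other-node"},  // no grant on this node
            {"unknown", "test-node"},
        };
        for (String[] c : cases) {
            System.out.printf("%-9s %-11s global=%-5b node=%b%n", c[0], c[1],
                hasGlobal(c[0], Permission.OVERALL_ADMINISTER),
                hasOnNode(c[0], c[1], Permission.NODE_CONFIGURE));
        }
    }
}
```

In this model the test user fails the global check everywhere and passes the node-scope check only on the node where the grant exists, which mirrors the before and after behaviour reported above.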