Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-8936

plugin Bulk Builder seems to bypass user security settings, allows anyone to launch a bulk build

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • bulk-builder-plugin
    • None
    • This is using Jenkins 1.399 release and 0.7 of Bulk Builder.

      Along with having the Security Realm set to Jenkins own user Database I tried using the Legacy Mode, Matrix Based Security and Role Based Strategy plugin options and when I setup a user to only have Read only rights they can still launch builds thru Bulk Builder.

          [JENKINS-8936] plugin Bulk Builder seems to bypass user security settings, allows anyone to launch a bulk build

          Simon Westcott added a comment - - edited

          Hi Jon, thanks for raising. I'm aware of this, it's why the version number remains pre-1.0. I have done some initial work on a private branch, but it's far from complete.

          Edit: Added a fat warning to the wiki page.

          Simon Westcott added a comment - - edited Hi Jon, thanks for raising. I'm aware of this, it's why the version number remains pre-1.0. I have done some initial work on a private branch, but it's far from complete. Edit: Added a fat warning to the wiki page.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Simon Westcott
          Path:
          src/main/java/org/jvnet/hudson/plugins/bulkbuilder/model/Builder.java
          src/test/java/org/jvnet/hudson/plugins/bulkbuilder/model/BuilderTest.java
          http://jenkins-ci.org/commit/bulk-builder-plugin/d4b2d2c94d139f079ff792bea97eb212ab807190
          Log:
          [Fixed JENKINS-8936] Obay Jenkins security policy

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Simon Westcott Path: src/main/java/org/jvnet/hudson/plugins/bulkbuilder/model/Builder.java src/test/java/org/jvnet/hudson/plugins/bulkbuilder/model/BuilderTest.java http://jenkins-ci.org/commit/bulk-builder-plugin/d4b2d2c94d139f079ff792bea97eb212ab807190 Log: [Fixed JENKINS-8936] Obay Jenkins security policy

          Simon Westcott added a comment -

          https://twitter.com/#!/jenkins_release/status/50780475052138496

          Simon Westcott added a comment - https://twitter.com/#!/jenkins_release/status/50780475052138496

          Rob Baxter added a comment -

          I'm still seeing this issue in Jenkins 1.510 and plug-in version 1.5. I'm using the Active Directory security plug in...did this issue reappear?

          Rob Baxter added a comment - I'm still seeing this issue in Jenkins 1.510 and plug-in version 1.5. I'm using the Active Directory security plug in...did this issue reappear?

            swestcott Simon Westcott
            jstarbird Jon Starbird
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: