Credentials metadata leak in MqttNotifier

XMLWordPrintable

      MqttNotifier.DescriptorImpl.doFillCredentialsIdItems should take @AncestorInPath Item context to be used in place of Jenkins.getInstance(), and start with

      if (context == null || !context.hasPermission(Item.CONFIGURE)) {
    return new ListBoxModel();
}

      lest it expose credentials IDs and descriptions to anonymous users.

            Assignee:
            Gareth Western
            Reporter:
            Jesse Glick
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: