-
Bug
-
Resolution: Fixed
-
Major
-
None
Right now the plugin allows anonymous users to see configurations. This is true for the overview as well as operations as getConfig and showDiffs. Only users with the permission to change a job configuration should be able to see these.
See:
http://wiki.jenkins-ci.org/display/JENKINS/Making+your+plugin+behave+in+secured+Hudson
for a reference how to avoid this.