JENKINS-56607

Broken Jelly permission check creates MANAGE_DOMAINS user

    Details

    • Released As:
      credentials-2.2.1

      Description

      https://github.com/jenkinsci/credentials-plugin/blob/11873056e05470405fa004adbd2967d96eeafa12/src/main/resources/com/cloudbees/plugins/credentials/ViewCredentialsAction/action.jelly#L39

      it is a User, and this ends up calling static User#get(String)

      This does not impact security, but the check will succeed, and the "Add domain" link will be shown to users without the necessary permission.

            Activity

            jvz Matt Sicker added a comment -

            Merged to master.

            jvz Matt Sicker added a comment -

            Released in credentials-2.2.1.

              People

              Assignee:
              danielbeck Daniel Beck
              Reporter:
              danielbeck Daniel Beck