Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-8936

plugin Bulk Builder seems to bypass user security settings, allows anyone to launch a bulk build

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: bulk-builder-plugin
    • Labels:
      None
    • Environment:
      This is using Jenkins 1.399 release and 0.7 of Bulk Builder.
    • Similar Issues:

      Description

      Along with having the Security Realm set to Jenkins own user Database I tried using the Legacy Mode, Matrix Based Security and Role Based Strategy plugin options and when I setup a user to only have Read only rights they can still launch builds thru Bulk Builder.

        Attachments

          Activity

          Hide
          swestcott Simon Westcott added a comment - - edited

          Hi Jon, thanks for raising. I'm aware of this, it's why the version number remains pre-1.0. I have done some initial work on a private branch, but it's far from complete.

          Edit: Added a fat warning to the wiki page.

          Show
          swestcott Simon Westcott added a comment - - edited Hi Jon, thanks for raising. I'm aware of this, it's why the version number remains pre-1.0. I have done some initial work on a private branch, but it's far from complete. Edit: Added a fat warning to the wiki page.
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Simon Westcott
          Path:
          src/main/java/org/jvnet/hudson/plugins/bulkbuilder/model/Builder.java
          src/test/java/org/jvnet/hudson/plugins/bulkbuilder/model/BuilderTest.java
          http://jenkins-ci.org/commit/bulk-builder-plugin/d4b2d2c94d139f079ff792bea97eb212ab807190
          Log:
          [Fixed JENKINS-8936] Obay Jenkins security policy

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Simon Westcott Path: src/main/java/org/jvnet/hudson/plugins/bulkbuilder/model/Builder.java src/test/java/org/jvnet/hudson/plugins/bulkbuilder/model/BuilderTest.java http://jenkins-ci.org/commit/bulk-builder-plugin/d4b2d2c94d139f079ff792bea97eb212ab807190 Log: [Fixed JENKINS-8936] Obay Jenkins security policy
          Show
          swestcott Simon Westcott added a comment - https://twitter.com/#!/jenkins_release/status/50780475052138496
          Hide
          rbaxter Rob Baxter added a comment -

          I'm still seeing this issue in Jenkins 1.510 and plug-in version 1.5. I'm using the Active Directory security plug in...did this issue reappear?

          Show
          rbaxter Rob Baxter added a comment - I'm still seeing this issue in Jenkins 1.510 and plug-in version 1.5. I'm using the Active Directory security plug in...did this issue reappear?

            People

            Assignee:
            swestcott Simon Westcott
            Reporter:
            jstarbird Jon Starbird
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: