![]() |
|
|
|
|
Issue Type:
|
![Bug]() Bug
|
|
Assignee:
|
tspengler
|
|
Components:
|
hudson-wsclean-plugin |
|
Created:
|
11/Mar/13 9:48 PM
|
|
Description:
|
We are having a XSS vulnerability issue with prod/non prod hudson boxes. We tried installing a few plugins like pegdown but the Vulnerability still seems to be there in scans.
The user can hit Hudsonurl//computer/(master)/ without any credentials.The vulerbailty is seen in /computer/(master)/loadStatistics/graph
We had given read acccess for anonymous in global settings, but if we remove that the users will no be able to see the dashboards.
Any help would be highly appreciated.
|
|
Due Date:
|
13/Mar/13 12:00 AM
|
|
Environment:
|
PROD/NON PROD
|
|
Project:
|
Jenkins
|
|
Priority:
|
![Major]() Major
|
|
Reporter:
|
Nirmal Shankar
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
[email protected].
For more options, visit
https://groups.google.com/groups/opt_out.
