![]() |
|
|
|
|
Issue Type:
|
![Bug]() Bug
|
|
Affects Versions:
|
current |
|
Assignee:
|
Unassigned |
|
Components:
|
core |
|
Created:
|
15/Apr/13 3:00 PM
|
|
Description:
|
It is possible to enter another user configuration, using URL like http://jenkins-instance/user/username/configure and change (or assign) SSH key for this user. It is now possible to authenticate through CLI as this user and initiate actions on behalf of another user, probably with higher privileges.
Additionally, since not many users are aware of configuration section per user, this change may get unnoticed for quite a long time.
|
|
Environment:
|
Jenkins 1.510 on RHEL5 x86_64
|
|
Project:
|
Jenkins
|
|
Priority:
|
![Critical]() Critical
|
|
Reporter:
|
Krzysztof Malinowski
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
[email protected].
For more options, visit
https://groups.google.com/groups/opt_out.
