Hi all, I understand that if a Jenkins master is compromised, then slaves are compromised. But I did not think that the reverse was true. However, I stumbled upon information on this page about Jenkins security<https://wiki.jenkins-ci.org/display/JENKINS/Securing+Jenkins> where following is mentioned:
*"Also, slaves that are connected to Jenkins gain the full access to the entire Jenkins build cluster, since a slave can send code to the master to be executed."* Is this really true? Does it also hold for all types of master-slave connections (JNLP, SSH etc)? If that is the case it would mean that once a slave has been compromised, the whole cluster (including the master) is also compromised? Please help me understand this. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
