|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
[JIRA] (JENKINS-15213) email-ext 2.22+ allows any user with configure permission for a single job to circumvent Jenkins security
slide.o....@gmail.com (JIRA) Tue, 11 Dec 2012 05:32:48 -0800
- [JIRA] (JENKINS-15213) email-ext 2.22+ allo... slide.o....@gmail.com (JIRA)
- [JIRA] (JENKINS-15213) email-ext 2.22+... slide.o....@gmail.com (JIRA)
- [JIRA] (JENKINS-15213) email-ext 2.22+... slide.o....@gmail.com (JIRA)
- [JIRA] (JENKINS-15213) email-ext 2.22+... slide.o....@gmail.com (JIRA)
- [JIRA] (JENKINS-15213) email-ext 2.22+... scm_issue_l...@java.net (JIRA)
Groovy Postbuild's security is easily bypassed, I can add imports at the top of the post-build script and access the Jenkins/Hudson instance all I want, even with the security enabled. I need to research this more, something along the lines of a sandbox if something like that exists.