[JIRA] [crx-content-package-deployer] (JENKINS-25032) Credentials metadata leak in GraniteCredentialsListBoxModel

jgl...@cloudbees.com (JIRA) Tue, 07 Oct 2014 14:24:53 -0700

Jesse Glick created

Credentials metadata leak in GraniteCredentialsListBoxModel

Issue Type:	Bug
Assignee:	Unassigned
Components:	crx-content-package-deployer
Created:	07/Oct/14 9:22 PM
Description:	`GraniteCredentialsListBoxModel.fillItems` should probably start with if (context == null \|\| !context.hasPermission(Item.CONFIGURE)) { return new ListBoxModel(); } lest it expose credentials IDs and descriptions to anonymous users. This is assuming that there is a `context` passed in from callers, typically as `@AncestorInPath`.
Project:	Jenkins
Labels:	security credentials
Priority:	Blocker
Reporter:	Jesse Glick

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[JIRA] [crx-content-package-deployer] (JENKINS-25032) Credentials metadata leak in GraniteCredentialsListBoxModel

Reply via email to