[JIRA] [mqtt-notification] (JENKINS-25035) Credentials metadata leak in MqttNotifier

[jgl...@cloudbees.com (JIRA)]

Jesse Glick created JENKINS-25035 Credentials metadata leak in MqttNotifier Issue Type: Bug Assignee: Unassigned Components: mqtt-notification Created: 07/Oct/14 9:28 PM Description: MqttNotifier.DescriptorImpl.doFillCredentialsIdItems should take @AncestorInPath Item context to be used in place of Jenkins.getInstance(), and start with if (context == null || !context.hasPermission(Item.CONFIGURE)) { return new ListBoxModel(); } lest it expose credentials IDs and descriptions to anonymous users. Project: Jenkins Labels: security credentials Priority: Minor Reporter: Jesse Glick

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.