Hi all, I understand that if a Jenkins master is compromised, then slaves are compromised. But I did not think that the reverse was true. However, I stumbled upon information on this page about Jenkins security<https://wiki.jenkins-ci.org/display/JENKINS/Securing+Jenkins> where following is mentioned:
*"Also, slaves that are connected to Jenkins gain the full access to the entire Jenkins build cluster, since a slave can send code to the master to be executed."* Is this really true? Does it also hold for all types of master-slave connections (JNLP, SSH etc)? If that is the case it would mean that once a slave has been compromised, the whole cluster (including the master) is also compromised? Please help me understand this. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
