[JIRA] (JENKINS-61316) role-strategy-plugin shows all users for all users


vladimir.camaj@gmail.com (JIRA)

Mar 3, 2020, 6:05:02 PM
to jenkinsc...@googlegroups.com
Vladimír Čamaj created an issue
 
Jenkins / Bug JENKINS-61316
role-strategy-plugin shows all users for all users
Issue Type: Bug
Assignee: Vladimír Čamaj
Attachments: Screenshot (79).png, Screenshot (80).png
Components: role-strategy-plugin
Created: 2020-03-03 23:04
Environment: Win 10, Java 8, Jenkins 2.204.2
Labels: plugin role_strategy
Priority: Major
Reporter: Vladimír Čamaj

I have a role to show only jobs related to a pattern. It has permission only to read, build and discover jobs. Nothing else. And it works BUT as I am logged in as a user in this role I am able to see all other users. What is it? There is no permission to see users so how is it possible? You can see the settings in the picture.


vladimir.camaj@gmail.com (JIRA)

Mar 3, 2020, 6:05:03 PM
to jenkinsc...@googlegroups.com
Vladimír Čamaj updated an issue
Change By: Vladimír Čamaj
Attachment: Screenshot (80).png

o.v.nenashev@gmail.com (JIRA)

Mar 16, 2020, 8:28:02 AM
to jenkinsc...@googlegroups.com
Oleg Nenashev updated an issue
Change By: Oleg Nenashev
Labels: plugin role_strategy security

o.v.nenashev@gmail.com (JIRA)

Mar 16, 2020, 8:40:02 AM
to jenkinsc...@googlegroups.com
Oleg Nenashev commented on Bug JENKINS-61316
 
Re: role-strategy-plugin shows all users for all users

Currently Jenkins user listing is tied to the Overall/Read permission, so all users with such permission will be able to see users. It is managed by the Jenkins Core, so there is nothing that could be done on the plugin level.

P.S.: FTR, you assigned the issue to yourself while creating it, so I have never received a notification.

 

o.v.nenashev@gmail.com (JIRA)

Mar 16, 2020, 8:40:03 AM
to jenkinsc...@googlegroups.com
Oleg Nenashev updated an issue
Change By: Oleg Nenashev
Component/s: core
Component/s: role-strategy-plugin

o.v.nenashev@gmail.com (JIRA)

Mar 16, 2020, 8:41:02 AM
to jenkinsc...@googlegroups.com
Oleg Nenashev updated Bug JENKINS-61316
 

I believe it is a full duplicate of JENKINS-18884 (thanks to Daniel Beck for the link).

Change By: Oleg Nenashev
Status: Open → Fixed but Unreleased
Resolution: Duplicate

o.v.nenashev@gmail.com (JIRA)

Mar 16, 2020, 8:41:02 AM
to jenkinsc...@googlegroups.com

vladimir.camaj@gmail.com (JIRA)

Mar 16, 2020, 9:00:02 AM
to jenkinsc...@googlegroups.com
Vladimír Čamaj commented on Bug JENKINS-61316
 
Re: role-strategy-plugin shows all users for all users

Yes, this seems to be a duplicate BUT it was created on 2013-07-23. What is that? Reason to stop using Jenkins?

o.v.nenashev@gmail.com (JIRA)

Mar 16, 2020, 9:48:02 AM
to jenkinsc...@googlegroups.com

Reason to contribute if you are interested in this issue, Vladimír Čamaj. Jenkins is a community-driven project, and everyone is welcome to submit a pull request for changes affecting them. Or to facilitate it otherwise. We do not provide support with SLAs as a community.

vladimir.camaj@gmail.com (JIRA)

Mar 16, 2020, 10:59:17 AM
to jenkinsc...@googlegroups.com

But this is a security issue. Who wrote that code? I am not able to fix random language or project I have ever used...
