|
||||||||||||||
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
[JIRA] (JENKINS-15213) email-ext 2.22+ allows any user with configure permission for a single job to circumvent Jenkins security
slide.o....@gmail.com (JIRA) Tue, 11 Dec 2012 08:19:45 -0800
- [JIRA] (JENKINS-15213) email-ext 2.22+ allo... slide.o....@gmail.com (JIRA)
- [JIRA] (JENKINS-15213) email-ext 2.22+... slide.o....@gmail.com (JIRA)
- [JIRA] (JENKINS-15213) email-ext 2.22+... slide.o....@gmail.com (JIRA)
- [JIRA] (JENKINS-15213) email-ext 2.22+... slide.o....@gmail.com (JIRA)
- [JIRA] (JENKINS-15213) email-ext 2.22+... scm_issue_l...@java.net (JIRA)
Added a sandbox around the pre-send script execution that when security is enabled the user will not be able to access the Jenkins/Hudson instance. This is different than the implementation used in the groovy postbuild plugin which can easily be subverted.