[JIRA] (JENKINS-16103) If Anonymous has overall read access, anyone can connect as a slave over JNLP
Reproducible. core/src/main/resources/hudson/slaves/SlaveComputer/slave-agent.jnlp.jelly has <l:isAdminOrTest test="true"> which is basically a no-op; it seems to have been this way for years. Should this just be <l:hasPermission permission="${Computer.CONNECT}"> or similar?