> > Don't grant anonymous users (or anyone who you don't trust fully) > administer permission on Jenkins.
Security is a funny thing. Sometimes things go wrong and that's why logs are important for discovering what happened when. I'll file something with the Jenkins team regarding script console logging. Thanks for the link. On Thu, Jan 26, 2017 at 5:51 PM, Daniel Beck <m...@beckweb.net> wrote: > > > On 26.01.2017, at 19:36, Adam Ochonicki <o...@articulate.com> wrote: > > > > Groovy script console is an attack vector with no logging > > Don't grant anonymous users (or anyone who you don't trust fully) > administer permission on Jenkins. > > > How do I log this with the core Jenkins team to address? > > If you believe this (or something related) to be a security vulnerability, > follow instructions on https://jenkins.io/security/ and we can review > this in private, taking appropriate action. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/jenkinsci-users/VFgm3H5W4PE/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/jenkinsci-users/8EA628F8-DA37-4879-AD98-E5CCC5A4CA7E%40beckweb.net. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CA%2Bkz_p732OH0AyJXnt7Y0V-NTMWJd72nMqFMqjMcwUNuezZuQw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
