[JIRA] Created: (JENKINS-8759) Security issue with unshelving project showing too much information

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[JIRA] Created: (JENKINS-8759) Security issue with unshelving project showing too much information

Jenkins dev mailing list
Security issue with unshelving project showing too much information
-------------------------------------------------------------------

                 Key: JENKINS-8759
                 URL: http://issues.jenkins-ci.org/browse/JENKINS-8759
             Project: Jenkins
          Issue Type: Bug
          Components: shelve-project-plugin
            Reporter: ashlux
            Assignee: ashlux
            Priority: Critical


When unshelving a project, the input value is the actual directory and name of the zip file for the shelved project.

For example:

                                aaaaaa (archived on Thu, 10 Feb 2011 16:36:22 -0600)<br /><input name="projects" value="/home/ashlux/dev/jenkins/plugins/shelve-project-plugin-plugin/./work/shelvedProjects/cccccccc-1297379255865.zip" type="checkbox" />
                                cccccccc (archived on Thu, 10 Feb 2011 17:07:35 -0600)<br /><input name="projects" value="/home/ashlux/dev/jenkins/plugins/shelve-project-plugin-plugin/./work/shelvedProjects/xxxxxxx-1297377352322.zip" type="checkbox" />



--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       
Reply | Threaded
Open this post in threaded view
|

[JIRA] Closed: (JENKINS-8759) Security issue with unshelving project showing too much information

JIRA noreply@jenkins-ci.org

     [ http://issues.jenkins-ci.org/browse/JENKINS-8759?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ashlux closed JENKINS-8759.
---------------------------

    Resolution: Fixed

> Security issue with unshelving project showing too much information
> -------------------------------------------------------------------
>
>                 Key: JENKINS-8759
>                 URL: http://issues.jenkins-ci.org/browse/JENKINS-8759
>             Project: Jenkins
>          Issue Type: Bug
>          Components: shelve-project-plugin
>            Reporter: ashlux
>            Assignee: ashlux
>            Priority: Critical
>
> When unshelving a project, the input value is the actual directory and name of the zip file for the shelved project.
> For example:
>                                 aaaaaa (archived on Thu, 10 Feb 2011 16:36:22 -0600)<br /><input name="projects" value="/home/ashlux/dev/jenkins/plugins/shelve-project-plugin-plugin/./work/shelvedProjects/cccccccc-1297379255865.zip" type="checkbox" />
>                                 cccccccc (archived on Thu, 10 Feb 2011 17:07:35 -0600)<br /><input name="projects" value="/home/ashlux/dev/jenkins/plugins/shelve-project-plugin-plugin/./work/shelvedProjects/xxxxxxx-1297377352322.zip" type="checkbox" />

--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira