Skip to content
Commit d4c9e40b authored by mindless's avatar mindless
Browse files

[SECURITY-5] Add several missing permission checks in CLI commands. 

Current CLI is always available and most commands can be run by anonymous users.
Now only a short help message and the login command are available for anonymous
in a Hudson without anonymous read permission, and each individual command also
checks the appropriate permission for that command.  Details:
* Vulnerable CLI commands now fixed:
  build, clear-queue, copy-job, create-job, delete-builds, delete-job,
  disable-job, enable-job, install-plugin, install-tool, keep-build,
  mail, restart, safe-restart, set-build-result
* Broken CLI commands now fixed:
  connect-node, delete-node, disconnect-node, offline-node, online-node
* Other vulnerable command (not CLI) now fixed: /gc (JVM garbage collect)


git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@33626 71c3de6d-444a-0410-be80-ed276b4c234a
parent 75cc09e9
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment