[SECURITY-5] Add several missing permission checks in CLI commands.
Current CLI is always available and most commands can be run by anonymous users. Now only a short help message and the login command are available for anonymous in a Hudson without anonymous read permission, and each individual command also checks the appropriate permission for that command. Details: * Vulnerable CLI commands now fixed: build, clear-queue, copy-job, create-job, delete-builds, delete-job, disable-job, enable-job, install-plugin, install-tool, keep-build, mail, restart, safe-restart, set-build-result * Broken CLI commands now fixed: connect-node, delete-node, disconnect-node, offline-node, online-node * Other vulnerable command (not CLI) now fixed: /gc (JVM garbage collect) git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@33626 71c3de6d-444a-0410-be80-ed276b4c234a
Please register or sign in to comment