Confirm there is no security issues in sharing the artefacts

imoutsatsos / Jenkins-JobConfigurationAnalyzer

A Jenkins utility job for analyzing and reporting the configuration of other jobs/projects

Apache License 2.0

1 stars 0 forks source link

Confirm there is no security issues in sharing the artefacts #2

Open kinow opened 7 years ago

kinow commented 7 years ago

Will check this later while playing with this tool.

But from what I understood after our talk about it, a user with View/Read access to the job, would have access to the whole config.xml, and a few other things from the build.

Would be nice to confirm that there is no security issue in doing that. In other words, if there is anything that normally you would need privileges, but you are still able to circumvent Jenkins' security mechanism with this tool, then we should document it :-)

imoutsatsos commented 7 years ago

Good point. I expect that this is a tool of interest to admins, and perhaps job developers. As a result only a group with these permissions should be able to view/read/execute this job. I'm glad you are thinking about these things @kinow ! Thank you!