Ensure proper permission checks are performed during configuration, reindexing and searching [CVE 2022 36910] - Githubissues

jenkinsci / lucene-search-plugin

Jenkins plugin for searching job data via Lucene or Solr

https://plugins.jenkins.io/lucene-search

MIT License

5 stars 12 forks source link

Ensure proper permission checks are performed during configuration, reindexing and searching [CVE 2022 36910] #55

Closed tdraebing closed 1 year ago

tdraebing commented 1 year ago

This PR fixes some issues that prevented mvn clean install to run, i.e. blocked HTTP repositories and spotbug findings. It then fixes the published CVE 2022 36910.

This includes:

Fix display of Use Security option in configuration menus
Enable Use Security by default
Check Admin capabilities in global configuration section
Check Admin capabilities for all actions concerning (re-)building the index

This CVE currently blocks publishing of another plugin using this one: https://github.com/jenkins-infra/repository-permissions-updater/issues/2947

[x] Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
[x] Ensure that the pull request title represents the desired changelog entry
[x] Please describe what you did
[x] Link to relevant issues in GitHub or Jira
[x] Link to relevant pull requests, esp. upstream and downstream changes
[ ] Ensure you have provided tests - that demonstrates feature works or fixes the issue