Re: [cbi-dev] Make job config publicly visible by default?

On Wed, Oct 10, 2018 at 11:41 AM Frederic Gurr <frederic.gurr@xxxxxxxxxxxxxxxxxxxxxx> wrote:
By default, anonymous users have the following permissions:
* Overall/Read
* Job/Read
So anonymous users can see build results, build artifacts & console logs.

Ok, so that could be an issue with my specific pipeline job then.
On , if I'm not logged in, I can't see the Pull Request jobs. I'd like any user to be able to look at PR build status.

By default, all logged in committers also have the following permission:
* Job/ExtendedRead
This allows them to *read* the job configuration.

Ok, good then.

Allowing non-privileged users to read the job configuration *can* be a
potential security issue.

Out of curiosity, what kind of security issue could it be?