Red Hat Bugzilla – Bug 1032397
CVE-2013-6373 Jenkins: lack of access control in Exclusion plugin (SECURITY-53)
Last modified: 2013-11-21 18:54:28 EST
Kohsuke Kawaguchi reports:
Lack of access control in Exclusion plugin
If an anonymous user views Jenkins, the link to the management function "Exclusion Administration" remains visible in the top left-hand corner of the Jenkins main page, and can be clicked.
This was originally reported by mwebbe
This is now public:
Upstream patch commit:
Not affected. This issue did not affect Jenkins as shipped with various Red Hat products, as they do not include the Jenkins Exclusion plugin.