For Hudson's own user database at least, if a user is logged in through a web browser they can still run commands against the server even though their account has been deleted. I assume the same would be true for LDAP etc.

Steps to reproduce:
1. Create two users and a few jobs, with matrixed security provided by Hudson's own user database.
2. Log in as the second user in a web browser.
3. As the first user, delete the second.
4. User 2 can still build a job from the web UI if they remain on that page.

A user should be rechecked before being allowed to run an action.
You are not even logged out on page change, and by visiting the people page and changing your password you can re-add yourself as a user to the security realm! Increasing the severity accordingly.
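The recheck asked for in the report, and the update-only profile save that would stop the re-add described in the comment, as an added example that is not part of the bug report and not Hudson's code. Hudson is written in Java; Python is used here so the sketch runs stand-alone, and every class, function and sample value below is hypothetical.

```python
import secrets

class AccessDenied(Exception): pass

class UserStore:
    """Constructed in-memory stand-in for the realm's user database."""
    def __init__(self):
        self._users = {}  # username -> opaque credential record
    def create(self, name, credential):
        self._users[name] = credential
    def delete(self, name):
        self._users.pop(name, None)
    def exists(self, name):
        return name in self._users
    def update_credential(self, name, credential):
        # Update only: a profile save must never create the account it edits.
        if name not in self._users:
            raise AccessDenied(f"unknown user: {name}")
        self._users[name] = credential

class Sessions:
    def __init__(self, store):
        self.store = store
        self._by_id = {}  # session id -> username
    def open(self, name):
        # Called after successful authentication (out of scope here).
        sid = secrets.token_urlsafe(32)
        self._by_id[sid] = name
        return sid
    def principal(self, sid):
        # Re-resolve the user on every request instead of trusting the session.
        name = self._by_id.get(sid)
        if name is None or not self.store.exists(name):
            self._by_id.pop(sid, None)  # drop the stale session
            raise AccessDenied("session is not bound to a current user")
        return name

def build_job(sessions, sid, job):
    return f"{job} queued by {sessions.principal(sid)}"

def change_password(sessions, sid, credential):
    sessions.store.update_credential(sessions.principal(sid), credential)

def denied(fn, *args):
    """True when the call is refused with AccessDenied."""
    try:
        fn(*args)
    except AccessDenied:
        return True
    return False
```

Every action handler goes through `principal()`, so a session that outlives its account fails on the next request instead of on the next login.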
The Eclipse Hudson project has been terminated and archived.