Bug 580084 - Jenkins URL exposed
Summary: Jenkins URL exposed
Status: RESOLVED INVALID
Alias: None
Product: Community
Classification: Eclipse Foundation
Component: Vulnerability Reports (show other bugs)
Version: unspecified   Edit
Hardware: PC Windows 10
: P3 critical (vote)
Target Milestone: ---   Edit
Assignee: Security vulnerabilitied reported against Eclipse projects CLA
QA Contact:
URL:
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2022-06-05 17:51 EDT by Nilesh Patil CLA
Modified: 2022-06-07 04:52 EDT (History)
2 users (show)

See Also:

Attachments
Dashboard page (160.78 KB, image/jpeg)
2022-06-05 17:51 EDT, Nilesh Patil CLA 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nilesh Patil CLA 2022-06-05 17:51:01 EDT 
Created attachment 288562 [details]
Dashboard page

Hello Security Team,

I am able to see you Jenkins Pages and can get all logs whatever in Jenkins Dashboard.
I see this is sensitive info and should be exposed.

Please let me know if you need any other info.

Thanks
Comment 1 Wayne Beaton CLA 2022-06-06 14:26:02 EDT 
Eclipse open source project builds are intentionally transparent. AFAICT, there is no exposure of private or sensitive information.

This is, I believe, working completely as intended.

I've marked this as INVALID. 

Mikael, please reopen if my assessment is incorrect and further action is required.
Comment 2 Mikaël Barbero CLA 2022-06-07 04:52:38 EDT 
Agree, this is intentional.