Anonymous user is able to download artifacts even if Anonymous mode is disabled both at global level and plan level

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: High
    • 2.0 beta 4, 2.0
    • Affects Version/s: 1.2.4
    • Component/s: Security
    • None

      1. Disable Anonymous in Global permissions
      2. Create a plan with anonymous access disabled
      3. Make a build with artifacts
      4. Copy artifact URL to clipboard
      5. Log out or open another browser window
      6. Paste the URL into browser
      Expected: login screen or Access Denied message
      Actual: artifact is vieable and downloadable

      Note: it seems that download servlet isn't secured anyway.

            Assignee:
            MarkC
            Reporter:
            Eugene Gavrilov
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 4h
                4h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 4h
                4h