[BAM-3239] REST API updateAndBuild.action can be abused if no IP address is specified

Type: Suggestion
Resolution: Obsolete
Fix Version/s: None
Component/s: REST API
Labels:
None

UIS:
0
Support reference count:
1
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

currently no authorization is required - updateAndBuild.action is designed to work with repository scripts to push builds from the repository server. It is not designed to be used by 'users' from a random IP address. Thus the IP address of the repository has to be specified to make this command api call safe. Otherwise it is not safe and can be abused. The IP address field should not be optional. It should be dedicated to the repository IP address to avoid a possible remote attack.

is related to

BAM-3238 present a message to remote client if /api/rest/updateAndBuild.action?buildKey=PLAN-KEY did not trigger a build

Closed

relates to

BAM-3325 updateAndBuild API should be more normal

Closed

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Ulrich Kuhnhardt [Atlassian]

Votes:: 1 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 25/Nov/2008 5:41 AM

Updated:: 19/Sep/2019 5:46 AM

Resolved:: 12/Apr/2019 10:46 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates