DEF0417750: [Security Bug] Credential leakage through SSRF | Open source

jenkinsci · Jun 30, 2023 · 67192e2 · 67192e2
1 parent d7d2422
commit 67192e2
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/main/java/io/jenkins/plugins/config/DevOpsConfiguration.java b/src/main/java/io/jenkins/plugins/config/DevOpsConfiguration.java
@@ -238,7 +238,7 @@ public FormValidation doTestConnection(@QueryParameter("instanceUrl") String ins
 		List<DomainRequirement> drl = null;
 		ItemGroup itemGroup = null;
 		Authentication authentication = null;
-		Jenkins.get().checkPermission(Jenkins.MANAGE);
+		Jenkins.get().checkPermission(Jenkins.ADMINISTER);
 		if (GenericUtils.isEmpty(instanceUrl))
 			return FormValidation.error("Please provide the url!");
 
@@ -517,4 +517,4 @@ public String getPolicyValidationURL() {
 				? String.format("%s/api/now/table/sn_cdm_policy_validation_result", getTrimmedUrl(getInstanceUrl()))
 				: null;
 	}
-}
+}