Merge pull request #99 from jenkinsci-cert/SECURITY-389

[SECURITY-389] Check ADMINISTER on /fingerprintCleanup and /workspaceCleanup
jenkinsci · Jan 9, 2017 · 97a61a9 · 97a61a9
2 parents 13905d8 + 9ce5405
commit 97a61a9
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/core/src/main/java/jenkins/model/Jenkins.java b/core/src/main/java/jenkins/model/Jenkins.java
@@ -3620,6 +3620,7 @@ public void doIconSize( StaplerRequest req, StaplerResponse rsp ) throws IOExcep
 
     @RequirePOST
     public void doFingerprintCleanup(StaplerResponse rsp) throws IOException {
+        checkPermission(ADMINISTER);
         FingerprintCleanupThread.invoke();
         rsp.setStatus(HttpServletResponse.SC_OK);
         rsp.setContentType("text/plain");
@@ -3628,6 +3629,7 @@ public void doFingerprintCleanup(StaplerResponse rsp) throws IOException {
 
     @RequirePOST
     public void doWorkspaceCleanup(StaplerResponse rsp) throws IOException {
+        checkPermission(ADMINISTER);
         WorkspaceCleanupThread.invoke();
         rsp.setStatus(HttpServletResponse.SC_OK);
         rsp.setContentType("text/plain");