diff --git a/core/src/main/java/hudson/model/Hudson.java b/core/src/main/java/hudson/model/Hudson.java
index 70748a883edfa7009da27db7036801fc1cca0296..7c442527d385fc6d4fe8c1dd090e00aac97a96c7 100644
--- a/core/src/main/java/hudson/model/Hudson.java
+++ b/core/src/main/java/hudson/model/Hudson.java
@@ -1796,9 +1796,12 @@ public final class Hudson extends Node implements ItemGroup, Stapl
 * Used only for mapping jobs to URL in a case-insensitive fashion.
 */
 public TopLevelItem getJobCaseInsensitive(String name) {
+ String match = Functions.toEmailSafeString(name);
 for (Entry e : items.entrySet()) {
- if(Functions.toEmailSafeString(e.getKey()).equalsIgnoreCase(Functions.toEmailSafeString(name)))
- return e.getValue();
+ if(Functions.toEmailSafeString(e.getKey()).equalsIgnoreCase(match)) {
+ TopLevelItem item = e.getValue();
+ return item.hasPermission(Item.READ) ? item : null;
+ }
 }
 return null;
 }
diff --git a/test/src/test/java/hudson/model/JobTest.java b/test/src/test/java/hudson/model/JobTest.java
index 007361b05a2d27b4b8089e9e75c14e887ea880ee..edd18c7a6d7c27e90f6981a0432c162e71b26c07 100644
--- a/test/src/test/java/hudson/model/JobTest.java
+++ b/test/src/test/java/hudson/model/JobTest.java
@@ -23,6 +23,7 @@
 */
 package hudson.model;
+import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
 import com.gargoylesoftware.htmlunit.WebAssert;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
@@ -30,6 +31,7 @@ import hudson.util.TextFile;
 import java.io.IOException;
 import java.util.concurrent.CountDownLatch;
 import org.jvnet.hudson.test.HudsonTestCase;
+import org.jvnet.hudson.test.recipes.LocalData;
 /**
 * @author Kohsuke Kawaguchi
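Review bot: In `getJobCaseInsensitive`, `return item.hasPermission(Item.READ) ? item : null;` ends the search at the first email-safe, case-insensitive match, so if two job names can normalise to the same string and the first one iterated is not readable, a caller who can read the other one gets null. Returning null for both "no such job" and "no READ" is the right shape, since it does not confirm that a hidden job exists; to keep that while handling a collision, use `if (item.hasPermission(Item.READ)) return item;` and let the loop continue to the final `return null;`. The Javadoc, which starts above the hunk, should also state that null is returned when the caller lacks Item.READ.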
@@ -157,4 +159,20 @@ public class JobTest extends HudsonTestCase {
 }
 }
 }
+
+ @LocalData
+ public void testReadPermission() throws Exception {
+ WebClient wc = new WebClient();
+ try {
+ HtmlPage page = wc.goTo("/job/testJob/");
+ fail("getJob bypassed READ permission: " + page.getTitleText() + page.getBody().asText());
+ } catch (FailingHttpStatusCodeException expected) { }
+ try {
+ HtmlPage page = wc.goTo("/jobCaseInsensitive/testJob/");
+ fail("getJobCaseInsensitive bypassed READ permission: " + page.getTitleText());
+ } catch (FailingHttpStatusCodeException expected) { }
+ wc.login("joe"); // Has Item.READ permission
+ wc.goTo("/job/testJob/");
+ wc.goTo("/jobCaseInsensitive/TESTJOB/");
+ }
 }
diff --git a/test/src/test/resources/hudson/model/JobTest/testReadPermission.zip b/test/src/test/resources/hudson/model/JobTest/testReadPermission.zip
new file mode 100644
index 0000000000000000000000000000000000000000..0332f404e4d2a71ffb4848a8199b167f33a47644
Binary files /dev/null and b/test/src/test/resources/hudson/model/JobTest/testReadPermission.zip differ
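Review bot: Both `catch (FailingHttpStatusCodeException expected) { }` blocks in `testReadPermission` accept any failing status, so a 500 from an unrelated error would pass as a permission denial. Pin the status in each catch, for example `assertEquals(403, expected.getStatusCode());` if 403 is what the denial path is meant to return (the fixture and its security configuration are inside the zip and not visible here). The anonymous request also uses the exact-case `/jobCaseInsensitive/testJob/` while the logged-in one uses `TESTJOB`; adding an anonymous `wc.goTo("/jobCaseInsensitive/TESTJOB/")` inside its own try/fail/catch would check the denial on the differently cased path that this lookup exists for.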