Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-12585

SECURITY: LDAP authenticated users switch accounts randomly

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • _unsorted
    • None

      Running Jenkins behind Apache: mod_proxy with HTTPS
      https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache
      So our setup is
      Open Directory group
      jenkins-admin - Jenkins Admins all
      dev-group-a - Developers can view kick off builds

      Project-based Matrix Authorization Strategy
      Admin all checked
      dev-group-a checked: Overall:Read Job:Read,Build Run:Update
      dev-group-b checked: Overall:Read Job:Read

      issue is I'm an admin and random developer will login and see that there user id is mine and can admin jenkins.

      there has been reported cases that developer A will login and actually be reported by jenkins as Developer B
      were they can no longer trigger CI builds

      My biggest concern is when users login and are reporting as admins and have full access to jenkins.

          [JENKINS-12585] SECURITY: LDAP authenticated users switch accounts randomly

            kohsuke Kohsuke Kawaguchi
            geevez guillermo c
            Votes:
            10 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: