• Bug
    • Resolution: Fixed
    • Major
    • core

      If you trigger an uncaught error in Stapler, such as browsing /static/ prior to stapler 552aaab, the stack trace is displayed in the web browser. This is usually harmless but there could in principle be stack traces which expose internal details of value to an attacker. These should be suppressed.

          [JENKINS-17782] Internal stack traces exposed to users

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          core/src/main/java/hudson/security/csrf/CrumbFilter.java
          core/src/main/java/jenkins/model/Jenkins.java
          core/src/main/resources/jenkins/model/Jenkins/error.jelly
          core/src/main/resources/jenkins/model/Jenkins/error.properties
          war/src/main/webapp/WEB-INF/web.xml
          http://jenkins-ci.org/commit/jenkins/121c1312d5bd9c69f5d9a859926659217c69e61d
          Log:
          JENKINS-17782 Set a custom error page for the web app and suppress stack traces for non-administrators.
          Needs a matching change in Stapler.
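          The pattern behind the commit above (a custom error page that logs the full trace server-side and shows it only to administrators), as an added illustration written for this page rather than Jenkins' or Stapler's own code; the `isAdministrator` flag stands in for the ADMINISTER permission check and the exception message is a constructed sample:

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Illustration of the JENKINS-17782 fix pattern; not Jenkins' own ErrorPage code. */
public class ErrorPageRenderer {
    private static final Logger LOG = Logger.getLogger(ErrorPageRenderer.class.getName());

    /** Full stack trace as text; only ever rendered for administrators. */
    static String stackTraceOf(Throwable t) {
        StringWriter sw = new StringWriter();
        t.printStackTrace(new PrintWriter(sw));
        return sw.toString();
    }

    /** Minimal HTML escaping so exception text cannot inject markup into the error page. */
    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;");
    }

    /**
     * Build the error page body. The full trace is always logged server-side under a
     * reference id; a non-administrator sees only that id, which keeps bug reports
     * usable (an admin can look the id up in the log) without disclosing internals.
     * isAdministrator is an assumption standing in for the ADMINISTER permission check.
     */
    static String render(Throwable t, boolean isAdministrator) {
        String ref = UUID.randomUUID().toString();
        LOG.log(Level.SEVERE, "Unhandled error, reference " + ref, t);
        if (isAdministrator) {
            return "<h1>Oops!</h1><pre>" + escape(stackTraceOf(t)) + "</pre>";
        }
        return "<h1>Oops!</h1><p>A problem occurred while processing the request. "
             + "Please report error reference <code>" + ref + "</code> to an administrator.</p>";
    }

    public static void main(String[] args) {
        // Constructed sample: the message carries the kind of internal detail the page is about.
        Throwable boom = new IllegalStateException("config at /var/lib/example/secret.xml unreadable");
        System.out.println(render(boom, true));   // administrator: full trace, message included
        System.out.println(render(boom, false));  // anonymous user: generic page with reference only
    }
}
```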

          Jesse Glick added a comment - https://github.com/stapler/stapler/pull/15 and https://github.com/jenkinsci/jenkins/pull/765 have an impl.

          Kohsuke Kawaguchi added a comment -

          I'm worried about the drop in the quality of reported bugs due to this change.

          It seems to me that the number of cases where the stack trace is security sensitive is very small, whereas the stack trace is often very useful in identifying where the problem is and how to work around it.

          Could this functionality be moved to another plugin that can be installed by security-conscious deployments?

          Jesse Glick added a comment - There is no way the functionality could be moved. Perhaps rather than checking ADMINISTER some new permission could be introduced, but then you have the usual problem of defaulting it to on.

          Kohsuke Kawaguchi added a comment - Implemented as a plugin: https://wiki.jenkins-ci.org/display/JENKINS/Suppress+Stack+Trace+Plugin
