
Groovy script console actions should be logged

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Major
    • Component/s: core
    • Fix Version/s: 2.427

The Groovy script console (/script) does not log actions to the Jenkins log. The actions do not appear to be logged to the system anywhere. This allows an attacker or inside actor to perform actions against a Jenkins server via the Groovy script console with no trail of what was done. In our case we had a misconfigured test Jenkins server which allowed open access to /script. Someone injected a bitcoin mining script via the Groovy script console, which we found as a running process on the system. There was no log of this event in Jenkins. Now, the misconfiguration of our test server was a big mistake, but not having logs as a way to audit the specific actions that were performed is a big mistake on the part of Jenkins core, which can amplify a user's mistake.
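Without core-side logging, the request-level trail written by a reverse proxy (or Jenkins' own access logger) is what a defender has to work with. The following is an added example, not part of this issue or of Jenkins itself: it flags script console executions in NCSA combined-format access log lines. The log lines, usernames and IP addresses are constructed, and it assumes Jenkins is served at the root path.

```python
import re
from collections import namedtuple

# Constructed NCSA "combined" access-log lines, as a reverse proxy in front
# of Jenkins would write them; not real logs from the incident in the issue.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - alice [27/Jan/2017:10:12:01 +0000] "GET /job/build-all/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
10.0.0.5 - alice [27/Jan/2017:10:12:09 +0000] "GET /script HTTP/1.1" 200 9870 "-" "Mozilla/5.0"
10.0.0.5 - alice [27/Jan/2017:10:12:40 +0000] "POST /script HTTP/1.1" 200 10234 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jan/2017:03:41:17 +0000] "POST /scriptText HTTP/1.1" 200 42 "-" "curl/7.52.1"
10.0.0.9 - bob [27/Jan/2017:10:13:00 +0000] "GET /scriptler/ HTTP/1.1" 200 3001 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# /script is the console's HTML form; /scriptText is its plain-text variant.
# Exact match only (query string and trailing slash ignored), so the Scriptler
# plugin's /scriptler/ pages are not flagged. Assumes Jenkins at the root path.
CONSOLE_PATHS = ("/script", "/scriptText")
Finding = namedtuple("Finding", "ts ip user method path status")

def is_console_path(path):
    base = path.split("?", 1)[0].rstrip("/")
    return base in CONSOLE_PATHS

def find_script_console_use(log_text, executions_only=True):
    """Return script console requests found in NCSA-style access log text.

    A GET of /script only renders the form; a POST to /script or /scriptText
    executes Groovy, so executions_only=True keeps just the POSTs.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_console_path(m.group("path")):
            continue
        if executions_only and m.group("method") != "POST":
            continue
        findings.append(Finding(m.group("ts"), m.group("ip"), m.group("user"),
                                m.group("method"), m.group("path"), int(m.group("status"))))
    return findings

if __name__ == "__main__":
    for f in find_script_console_use(SAMPLE_ACCESS_LOG):
        print(f"{f.ts} {f.ip} user={f.user} {f.method} {f.path} -> {f.status}")
```

An unauthenticated ("-") POST to /scriptText from an outside address, as in the constructed sample, is exactly the kind of event the issue describes going unrecorded.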

[JENKINS-41516] Groovy script console actions should be logged

    • Adam Ochonicki created the issue.
    • Adam Ochonicki made changes: Labels: (none) → groovy logging script security
    • R. Tyler Croy made changes (moved the issue from the Jenkins Website project): Component/s: core [21434] → core [15593]; Key: WEBSITE-294 → JENKINS-41516; Workflow: WEBSITE: Software Development Workflow [215535] → JNJira + In-Review [215536]; Project: Jenkins Website [10401] → Jenkins [10172]; Status: To Do [10003] → Open [1]
    • R. Tyler Croy made changes: Labels: groovy logging script security → (none)
    • Daniel Beck made changes: Issue Type: Bug [1] → Improvement [4]; Labels: (none) → logging security; Summary: "Groovy script console actions not logged" → "Groovy script console actions should be logged"
    • Daniel Beck made changes: Assignee: (unassigned) → Daniel Beck [danielbeck]
    • Paul Deauna made changes: Status: Open [1] → In Progress [3]
    • Paul Deauna made changes: Status: In Progress [3] → In Review [10005]
    • Daniel Beck made changes: Status: In Review [10005] → In Progress [3]
    • Daniel Beck made changes: Status: In Progress [3] → Open [1]
    • Daniel Beck made changes: Link: This issue is duplicated by JENKINS-62397

    • Assignee: Daniel Beck (danielbeck)
    • Reporter: Adam Ochonicki (fromonesrc)
    • Votes: 1
    • Watchers: 7
