Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: core
Labels:
- 2.46.3-fixed
Environment:
Jenkins 2.32.3

Similar Issues:

Show

Noticed in a console logs of an upstream job:

Notifying upstream projects of job completion 
FATAL: Please login to access job upstream 
org.acegisecurity.AccessDeniedException: Please login to access job upstream 
at jenkins.model.Jenkins.getItem(Jenkins.java:2724) 
at jenkins.model.Jenkins.getItem(Jenkins.java:324) 
at jenkins.model.Jenkins.getItemByFullName(Jenkins.java:2830) 
at jenkins.model.Jenkins.getItemByFullName(Jenkins.java:2849) 
at jenkins.triggers.ReverseBuildTrigger.shouldTrigger(ReverseBuildTrigger.java:116) 
at jenkins.triggers.ReverseBuildTrigger.access$000(ReverseBuildTrigger.java:89) 
at jenkins.triggers.ReverseBuildTrigger$1.shouldTriggerBuild(ReverseBuildTrigger.java:146) 
at hudson.tasks.BuildTrigger.execute(BuildTrigger.java:247) 
at hudson.model.AbstractBuild$AbstractBuildExecution.cleanUp(AbstractBuild.java:681) 
at hudson.model.Build$BuildExecution.cleanUp(Build.java:200) 
at hudson.model.Run.execute(Run.java:1775) 
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) 
at hudson.model.ResourceController.execute(ResourceController.java:98) 
at hudson.model.Executor.run(Executor.java:404) 
Notifying upstream projects of job completion 
FATAL: Please login to access job <foldername> 
org.acegisecurity.AccessDeniedException: Please login to access job upstream 
at jenkins.model.Jenkins.getItem(Jenkins.java:2724) 
at jenkins.model.Jenkins.getItem(Jenkins.java:324) 
at jenkins.model.Jenkins.getItemByFullName(Jenkins.java:2830) 
at jenkins.model.Jenkins.getItemByFullName(Jenkins.java:2849) 
at jenkins.triggers.ReverseBuildTrigger.shouldTrigger(ReverseBuildTrigger.java:116) 
at jenkins.triggers.ReverseBuildTrigger.access$000(ReverseBuildTrigger.java:89) 
at jenkins.triggers.ReverseBuildTrigger$1.shouldTriggerBuild(ReverseBuildTrigger.java:146) 
at hudson.tasks.BuildTrigger.execute(BuildTrigger.java:247) 
at hudson.model.AbstractBuild$AbstractBuildExecution.cleanUp(AbstractBuild.java:681) 
at hudson.model.Build$BuildExecution.cleanUp(Build.java:200) 
at hudson.model.Run.execute(Run.java:1775) 
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) 
at hudson.model.ResourceController.execute(ResourceController.java:98) 
at hudson.model.Executor.run(Executor.java:404)

ReverseBuildTrigger.shouldTrigger should be impersonating SYSTEM.

This seems to happen because the anonymous user has Overall/Read and Item/Discover permission. The workaround is to remove the Item/Discover permission for the anonymous user.

is related to

JENKINS-42586 OldDataMonitor.referTo can throw AccessDeniedException

Open

JENKINS-42556 PlaceholderTask.runForDisplay vulnerable to AccessDeniedException

Resolved

JENKINS-63868 PlaceholderTask.getOwnerTask vulnerable to AccessDeniedException

Resolved

links to

CloudBees Internal OSS-2135

core-PR#2846

Assignee:: Allan BURDAJEWICZ

Reporter:: Allan BURDAJEWICZ

Votes:: 2 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2017-03-13 07:50

Updated:: 2020-10-06 13:26

Resolved:: 2017-05-05 14:14

Details

Description

Attachments

Issue Links

Activity

People

Dates