-
Bug
-
Resolution: Fixed
-
Minor
Jenkins.getInstance().getCrumbIssuer() method could potentially be null and the Admin user creation page is not checking it.
See the comment from amuniz in https://github.com/jenkinsci/jenkins/commit/3c3977395633db0a2c9a29550e0249451fa97ba0#commitcomment-21985458
- links to
[JENKINS-44010] Check nullability of getCrumbIssuer() on the Wizard
Description | Original: Jenkins.getInstance().getCrumbIssuer() could potentially be {null} and the Admin user creation page is not checking it. | New: Jenkins.getInstance().getCrumbIssuer() could potentially be {{null}} and the Admin user creation page is not checking it. |
Description | Original: Jenkins.getInstance().getCrumbIssuer() could potentially be {{null}} and the Admin user creation page is not checking it. | New: {{Jenkins.getInstance().getCrumbIssuer()}} method could potentially be {{null}} and the Admin user creation page is not checking it. |
Description | Original: {{Jenkins.getInstance().getCrumbIssuer()}} method could potentially be {{null}} and the Admin user creation page is not checking it. |
New:
{{Jenkins.getInstance().getCrumbIssuer()}} method could potentially be {{null}} and the Admin user creation page is not checking it. See the comment from [~amuniz] in https://github.com/jenkinsci/jenkins/commit/3c3977395633db0a2c9a29550e0249451fa97ba0#commitcomment-21985458 |
Labels | New: regression |
Link | New: This issue blocks SECURITY-412 [ SECURITY-412 ] |
Assignee | New: Jesse Glick [ jglick ] |
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
If you expect it to be backported, there should be much better description of the problem and the impact. As jglick said in another chat, this is probably a bad use-case