Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48896

anonymous read of cc.xml file works only for root (ldap)

      This refers to LDAP plugin. Exactly the same issue was raised and fixed against github-auth plugin in the past.

      It seems that the option to allow anonymous users to read the /cc.xml works only for the root one and not for those associated with other views, or the special "all" view which is exposed at /view/All/cc.xml

      This bug has a serious impact because due to it, it means that you can only expose the status of the jobs present on the default view. On any serious setup, the default view does not expose ALL jobs.

      Even worse, it seems that if you try to get the other cc.xml files you get a 403 but if you try to use basic auth, you will get a 500 error.

          [JENKINS-48896] anonymous read of cc.xml file works only for root (ldap)

          Oleg Nenashev added a comment -

          CC danielbeck and dnusbaum who were working on this area recently

          Oleg Nenashev added a comment - CC danielbeck and dnusbaum who were working on this area recently

          Daniel Beck added a comment -

          It is not clear to me what this is even referring to. The option mentioned, AFAICT, is specific to github-oauth plugin. So it'd be a bug if any cc.xml were accessible without Overall/Read permission.

          Daniel Beck added a comment - It is not clear to me what this is even referring to. The option mentioned, AFAICT, is specific to github-oauth plugin. So it'd be a bug if any cc.xml were accessible without Overall/Read permission.

          Sorin Sbarnea added a comment -

          Sorry for raising this. It seems that the issue is 100% unrelated to cc.xml. It seems to be something related to Anonymous configuration on one of the servers which caused this. I wasn't able to spot exactly which config item caused it but I do have a saved config.xml with the issue inside.

          I will analyse it and reopen the bug only if looks like a product bug and not a configuration mistake. Visual inspection of the two involved config screens did not bring any issues.

          Update: Strange, even after copying the entire authentication settings from the working master to the broken one, I am able to replicate the bug. 

          I am starting to believe that this issue is caused by some kind of regression on 2.89.3 because same config on 2.60.3 works well.

           

           

          Sorin Sbarnea added a comment - Sorry for raising this. It seems that the issue is 100% unrelated to cc.xml. It seems to be something related to Anonymous configuration on one of the servers which caused this. I wasn't able to spot exactly which config item caused it but I do have a saved config.xml with the issue inside. I will analyse it and reopen the bug only if looks like a product bug and not a configuration mistake. Visual inspection of the two involved config screens did not bring any issues. Update: Strange, even after copying the entire authentication settings from the working master to the broken one, I am able to replicate the bug.  I am starting to believe that this issue is caused by some kind of regression on  2.89.3  because same config on 2.60.3 works well.    

            kohsuke Kohsuke Kawaguchi
            ssbarnea Sorin Sbarnea
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: