• Type: Bug
• Resolution: Fixed
• Priority: Critical
• Component/s: github-oauth-plugin
• Labels:

  None
• Environment:

  OS: Ubuntu 18.04.2 - 64 bit
  Java: openjdk version "1.8.0_191"
  github-oauth-plugin: 0.32
  Jenkins: 2.164.2
  

1. 

   users.png

   29 kB

   2019-04-23 12:38

[JENKINS-57154] Regression in github-oauth-plugin 0.32 breaks /configureSecurity page

Francisco Guimaraes created issue - 2019-04-23 12:36

Francisco Guimaraes made changes - 2019-04-23 12:36

Description

Original: After upgrading to github-oauth-plugin 0.32 I started to see this error in `/configureSecurity` when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user is has its name retrieved successfully but all others has the error mentioned above.   See the attachment *users.png*.

New: After upgrading to github-oauth-plugin 0.32 I started to see this error in `/configureSecurity` when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user is has its name retrieved successfully but all others has the error mentioned above.   See the attachment *users.png*.

Francisco Guimaraes made changes - 2019-04-23 12:37

Description

Original: After upgrading to github-oauth-plugin 0.32 I started to see this error in `/configureSecurity` when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user is has its name retrieved successfully but all others has the error mentioned above.   See the attachment *users.png*.

New: After upgrading to github-oauth-plugin 0.32 I started to see this error in `/configureSecurity` when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user is has its name retrieved successfully but all others hve the error mentioned above.   See the attachment *users.png*.

Francisco Guimaraes made changes - 2019-04-23 12:37

Description

Original: After upgrading to github-oauth-plugin 0.32 I started to see this error in `/configureSecurity` when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user is has its name retrieved successfully but all others hve the error mentioned above.   See the attachment *users.png*.

New: After upgrading to github-oauth-plugin 0.32 I started to see this error in `/configureSecurity` when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user is has its name retrieved successfully but all others have the error mentioned above.   See the attachment *users.png*.

Francisco Guimaraes made changes - 2019-04-23 12:37

Attachment

Original: users.png [ 46854 ]

Francisco Guimaraes made changes - 2019-04-23 12:38

Attachment

New: users.png [ 46855 ]

Francisco Guimaraes made changes - 2019-04-23 12:38

Description

Original: After upgrading to github-oauth-plugin 0.32 I started to see this error in `/configureSecurity` when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user is has its name retrieved successfully but all others have the error mentioned above.   See the attachment *users.png*.

New: After upgrading to github-oauth-plugin 0.32 I started to see this error in `/configureSecurity` when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user has its name retrieved successfully but all others have the error mentioned above.   See the attachment *users.png*.

Francisco Guimaraes made changes - 2019-04-23 12:43

Description

Original: After upgrading to github-oauth-plugin 0.32 I started to see this error in `/configureSecurity` when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user has its name retrieved successfully but all others have the error mentioned above.   See the attachment *users.png*.

New: After upgrading to github-oauth-plugin 0.32 I started to see this error in */configureSecurity* when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user has its name retrieved successfully but all others have the error mentioned above.   See the attachment *users.png*.

Francisco Guimaraes made changes - 2019-04-23 12:44

Description

Original: After upgrading to github-oauth-plugin 0.32 I started to see this error in */configureSecurity* when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user has its name retrieved successfully but all others have the error mentioned above.   See the attachment *users.png*.

New: After upgrading to github-oauth-plugin 0.32 I started to see this error in */configureSecurity* when it tries to retrieve the name of a github user: {noformat} HTTP ERROR 403 Problem accessing /descriptorByName/hudson.security.ProjectMatrixAuthorizationStrategy/checkName. Reason: Forbidden {noformat}   The first user has its name retrieved successfully but all others have the error mentioned above.   See the attachment *users.png*.   The workaround for now is revert to 0.31.

Collapse comment: Ionut Balutoiu added a comment - 2019-05-02 10:35

Ionut Balutoiu added a comment - 2019-05-02 10:35

This issue affects me as well.

Considering that version 0.31 is affected by a CSRF vulnerability (https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443), do you guys have any ETA for fixing this, so we can update to 0.32 as soon as possible ?

Without any workaround for this issue, it's hard to maintain a Matrix-based security authorization using 0.32, since you'll get error 403 for every user present there.

 

Thank-you,

Ionut

Expand comment: Ionut Balutoiu added a comment - 2019-05-02 10:35

Ionut Balutoiu added a comment - 2019-05-02 10:35 This issue affects me as well. Considering that version  0.31 is affected by a CSRF vulnerability ( https://jenkins.io/security/advisory/2019-04-30/#SECURITY-443 ), do you guys have any ETA for fixing this, so we can update to  0.32 as soon as possible ? Without any workaround for this issue, it's hard to maintain a Matrix-based security authorization using 0.32 , since you'll get error 403 for every user present there.   Thank-you, Ionut

Load more newer events