JENKINS-62488

Internal data exposed via http<jenkinsbase>/userContent/nga/logs/





      We are currently evaluating the use of the hp-application-automation-tools-plugin in our setup to better integrate the mf tools with our established CI/CD pipeline. The huge amount of functionality packed into one plugin makes it hard to see the side effects.

      After installation of the plugin we observed that internal data about the Jenkins installation and Job names is exposed at the URL: https://<jenkinsRoot>/userContent/nga/logs/ to users with minimum permissions on the Jenkins install. The data includes Jobs that are not related to the mf integration at all.

      26/05/2020 15:47:04,102 INFO  [EventsServiceWorker-155                           ] EventsServiceImpl               : [http://foo.example.com:8080?p=1001] sending [sbs-admin/job/sbs-admin-infra-bitbucket/job/sbs-infra/job/sbs-jenkins-git-backup:7781:STARTED, Checkout:7781:STARTED, Checkout:7781:FINISHED, Backup to GIT:7781:STARTED, Backup to GIT:7781:FINISHED, sbs-admin/job/sbs-admin-infra-bitbucket/job/sbs-infra/job/sbs-jenkins-git-backup:7781:FINISHED] event/s ...
      26/05/2020 15:48:14,149 INFO  [EventsServiceWorker-155                           ] EventsServiceImpl               : [http://foo.example.com:8080?p=1001] sending [community/job/sbs-fat-spring-pipeline/job/feature%2Fbitbucket-jenkins-plugin-testing:1:STARTED] event/s ...
      26/05/2020 15:48:16,206 INFO  [EventsServiceWorker-155                           ] EventsServiceImpl               : [http://foo.example.com:8080?p=1001] sending [checkout:1:STARTED] event/s ...
      26/05/2020 15:48:25,271 INFO  [EventsServiceWorker-155                           ] EventsServiceImpl               : [http://foo.example.com:8080?p=1001] sending [checkout:1:FINISHED, build:1:STARTED] event/s ...
      26/05/2020 15:49:44,466 INFO  [EventsServiceWorker-155                           ] EventsServiceImpl               : [http://foo.example.com:8080?p=1001] sending [build:1:FINISHED, static analysis:1:STARTED] event/s ...
      26/05/2020 15:51:03,569 INFO  [itbucket/sbs-infra/sbs-jenkins-git-backup #15509]]] BuildLogHelper                  : enqueued build 'sbs-admin/job/sbs-admin-bitbucket/job/sbs-infra/job/sbs-jenkins-git-backup #15509' for log submission
      26/05/2020 15:51:03,579 WARN  [itbucket/sbs-infra/sbs-jenkins-git-backup #15509]]] VulnerabilitiesWorkflowListener : No Security Scan integration configuration was found sbs-admin/sbs-admin-bitbucket/sbs-infra/sbs-jenkins-git-backup #15509
      26/05/2020 15:51:03,939 INFO  [BuildLogsPushWorker-156                           ] LogsServiceImpl                 : [http://foo.example.com:8080?p=1001] log of 'sbs-admin/job/sbs-admin-bitbucket/job/sbs-infra/job/sbs-jenkins-git-backup #15509', root job : sbs-admin/job/sbs-admin-bitbucket/job/sbs-infra/job/sbs-jenkins-git-backup, no interested workspace is found
      26/05/2020 15:51:04,436 INFO  [EventsServiceWorker-155                           ] EventsServiceImpl               : [http://foo.example.com:8080?p=1001] sending [sbs-admin/job/sbs-admin-bitbucket/job/sbs-infra/job/sbs-jenkins-git-backup:15509:STARTED, Checkout:15509:STARTED, Checkout:15509:FINISHED, Backup to GIT:15509:STARTED, Backup to GIT:15509:FINISHED, sbs-admin/job/sbs-admin-bitbucket/job/sbs-infra/job/sbs-jenkins-git-backup:15509:FINISHED] event/s ...
      26/05/2020 15:51:50,025 INFO  [EventsServiceWorker-155                           ] EventsServiceImpl               : [http://foo.example.com:8080?p=1001] sending [static analysis:1:FINISHED, create docker image:1:STARTED] event/s ...

      This does not feel right; at other places this information is well hidden for users without permission. Is this an error in our setup?



          andreasmandel Andreas Mandel created issue -
          ptofan Paul-Adrian Tofan made changes -
            Field: Assignee; Original Value: Maria Narcisa Galan [ narcisamgalan ]; New Value: Radi Berkovich [ radislavb ]
          radislavb Radi Berkovich made changes -
            Field: Resolution; New Value: Fixed [ 1 ]
            Field: Status; Original Value: Open [ 1 ]; New Value: Closed [ 6 ]


            radislavb Radi Berkovich
            andreasmandel Andreas Mandel
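An administrator auditing what such a log file discloses can enumerate the job names and remote endpoints it contains. The script below is an added example, not part of the original report or of the plugin's code. Its sample lines are constructed in the format of the excerpt above, and `allowed_top_folders` is a hypothetical way to express which folders the integration is meant to cover.

```python
import re
from urllib.parse import unquote

# Constructed sample in the format of the excerpt in the report (not real data).
SAMPLE = """\
26/05/2020 15:47:04,102 INFO  [EventsServiceWorker-155      ] EventsServiceImpl               : [http://foo.example.com:8080?p=1001] sending [sbs-admin/job/sbs-infra/job/sbs-jenkins-git-backup:7781:STARTED, Checkout:7781:STARTED] event/s ...
26/05/2020 15:48:14,149 INFO  [EventsServiceWorker-155      ] EventsServiceImpl               : [http://foo.example.com:8080?p=1001] sending [community/job/sbs-fat-spring-pipeline/job/feature%2Ftesting:1:STARTED] event/s ...
26/05/2020 15:51:03,569 INFO  [bs-infra/sbs-jenkins-git-backup #15509]]] BuildLogHelper                  : enqueued build 'sbs-admin/job/sbs-infra/job/sbs-jenkins-git-backup #15509' for log submission
"""

# timestamp, level, [thread name, which may itself contain ']'], logger, message
LINE = re.compile(
    r"^\d{2}/\d{2}/\d{4} [\d:,]+ (?P<level>\w+)\s+\[.*?\] (?P<logger>\w+)\s*: (?P<msg>.*)$"
)
JOB_PATH = re.compile(r"[\w.%-]+(?:/job/[\w.%-]+)+")   # URL form of a nested job
ENDPOINT = re.compile(r"\[(https?://[^\]\s]+)\]")      # server the plugin reports to
SEP = " > "

def disclosed(log_text):
    """Return (job names, remote endpoints) readable from the log text."""
    jobs, endpoints = set(), set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # continuation line or foreign format
        msg = m.group("msg")
        endpoints.update(ENDPOINT.findall(msg))
        for path in JOB_PATH.findall(msg):
            # "a/job/b/job/c" names the job c inside folder b inside folder a
            jobs.add(SEP.join(unquote(p) for p in path.split("/job/")))
    return sorted(jobs), sorted(endpoints)

def outside_scope(jobs, allowed_top_folders):
    """Jobs whose top-level folder is not one the integration should cover."""
    return [j for j in jobs if j.split(SEP)[0] not in allowed_top_folders]

if __name__ == "__main__":
    jobs, endpoints = disclosed(SAMPLE)
    print(jobs, endpoints, outside_scope(jobs, {"community"}), sep="\n")
```

Any job name listed by `outside_scope` is one a reader of the log directory learns about even though the integration was never meant to report on it.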