-
Bug
-
Resolution: Fixed
-
Major
-
None
-
-
2.272
If Jenkins#setSecurityRealm is called concurrently from multiple threads there is a potential race condition on the authentication filters registration.
Jenkins#setSecurityRealm calls filter.reset(), HudsonFilter#reset is not synchronized however it is replacing the old filter with the new filter (if there was one) which is not thread a thread safe operation.
The effect of this race condition is the wrong auth filter being registered.
[JENKINS-64465] Race condition on setSecurityRealm
Description |
Original:
If `Jenkins#setSecurityRealm` is called concurrently from multiple threads there is a potential race condition on the authentication filters registration.
`Jenkins#setSecurityRealm` calls [filter.reset()|https://github.com/jenkinsci/jenkins/blob/9a8588951b77a938fcf4ba9cee68d4c3e98d28b0/core/src/main/java/jenkins/model/Jenkins.java#L2627], `HudsonFilter#reset` is not synchronized however it is replacing the old filter with the new filter (if there was one) which is not thread a thread safe operation. The effect of this race condition is the wrong auth filter being registered. |
New:
If {{Jenkins#setSecurityRealm}} is called concurrently from multiple threads there is a potential race condition on the authentication filters registration.
`Jenkins#setSecurityRealm` calls [filter.reset()|https://github.com/jenkinsci/jenkins/blob/9a8588951b77a938fcf4ba9cee68d4c3e98d28b0/core/src/main/java/jenkins/model/Jenkins.java#L2627], `HudsonFilter#reset` is not synchronized however it is replacing the old filter with the new filter (if there was one) which is not thread a thread safe operation. The effect of this race condition is the wrong auth filter being registered. |
Description |
Original:
If {{Jenkins#setSecurityRealm}} is called concurrently from multiple threads there is a potential race condition on the authentication filters registration.
`Jenkins#setSecurityRealm` calls [filter.reset()|https://github.com/jenkinsci/jenkins/blob/9a8588951b77a938fcf4ba9cee68d4c3e98d28b0/core/src/main/java/jenkins/model/Jenkins.java#L2627], `HudsonFilter#reset` is not synchronized however it is replacing the old filter with the new filter (if there was one) which is not thread a thread safe operation. The effect of this race condition is the wrong auth filter being registered. |
New:
If {{Jenkins#setSecurityRealm}} is called concurrently from multiple threads there is a potential race condition on the authentication filters registration.
{{Jenkins#setSecurityRealm}} calls [filter.reset()|https://github.com/jenkinsci/jenkins/blob/9a8588951b77a938fcf4ba9cee68d4c3e98d28b0/core/src/main/java/jenkins/model/Jenkins.java#L2627], {{HudsonFilter#reset}} is not synchronized however it is replacing the old filter with the new filter (if there was one) which is not thread a thread safe operation. The effect of this race condition is the wrong auth filter being registered. |
Assignee | New: Antonio Muñiz [ amuniz ] |
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Released As | New: 2.272 | |
Resolution | New: Fixed [ 1 ] | |
Status | Original: In Progress [ 3 ] | New: Resolved [ 5 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |