• Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • core
    • None
    • 2.272

      If Jenkins#setSecurityRealm is called concurrently from multiple threads there is a potential race condition on the authentication filters registration.

      Jenkins#setSecurityRealm calls filter.reset(), HudsonFilter#reset is not synchronized however it is replacing the old filter with the new filter (if there was one) which is not thread a thread safe operation.

      The effect of this race condition is the wrong auth filter being registered.

          [JENKINS-64465] Race condition on setSecurityRealm

          Antonio Muñiz created issue -
          Antonio Muñiz made changes -
          Description Original: If `Jenkins#setSecurityRealm` is called concurrently from multiple threads there is a potential race condition on the authentication filters registration.

          `Jenkins#setSecurityRealm` calls [filter.reset()|https://github.com/jenkinsci/jenkins/blob/9a8588951b77a938fcf4ba9cee68d4c3e98d28b0/core/src/main/java/jenkins/model/Jenkins.java#L2627], `HudsonFilter#reset` is not synchronized however it is replacing the old filter with the new filter (if there was one) which is not thread a thread safe operation.

          The effect of this race condition is the wrong auth filter being registered.
          New: If {{Jenkins#setSecurityRealm}} is called concurrently from multiple threads there is a potential race condition on the authentication filters registration.

          `Jenkins#setSecurityRealm` calls [filter.reset()|https://github.com/jenkinsci/jenkins/blob/9a8588951b77a938fcf4ba9cee68d4c3e98d28b0/core/src/main/java/jenkins/model/Jenkins.java#L2627], `HudsonFilter#reset` is not synchronized however it is replacing the old filter with the new filter (if there was one) which is not thread a thread safe operation.

          The effect of this race condition is the wrong auth filter being registered.
          Antonio Muñiz made changes -
          Description Original: If {{Jenkins#setSecurityRealm}} is called concurrently from multiple threads there is a potential race condition on the authentication filters registration.

          `Jenkins#setSecurityRealm` calls [filter.reset()|https://github.com/jenkinsci/jenkins/blob/9a8588951b77a938fcf4ba9cee68d4c3e98d28b0/core/src/main/java/jenkins/model/Jenkins.java#L2627], `HudsonFilter#reset` is not synchronized however it is replacing the old filter with the new filter (if there was one) which is not thread a thread safe operation.

          The effect of this race condition is the wrong auth filter being registered.
          New: If {{Jenkins#setSecurityRealm}} is called concurrently from multiple threads there is a potential race condition on the authentication filters registration.

          {{Jenkins#setSecurityRealm}} calls [filter.reset()|https://github.com/jenkinsci/jenkins/blob/9a8588951b77a938fcf4ba9cee68d4c3e98d28b0/core/src/main/java/jenkins/model/Jenkins.java#L2627], {{HudsonFilter#reset}} is not synchronized however it is replacing the old filter with the new filter (if there was one) which is not thread a thread safe operation.

          The effect of this race condition is the wrong auth filter being registered.
          Antonio Muñiz made changes -
          Assignee New: Antonio Muñiz [ amuniz ]
          Antonio Muñiz made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Mark Waite made changes -
          Released As New: 2.272
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
          Mark Waite made changes -
          Status Original: Resolved [ 5 ] New: Closed [ 6 ]

            amuniz Antonio Muñiz
            amuniz Antonio Muñiz
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: