• Bug
    • Resolution: Unresolved
    • Critical
    • git-server-plugin
    • None

      The plugin offers the ability to access repositories via HTTP(S) or SSH.

      It appears that HTTP(S) access is entirely broken.

      I'm using Git 2.39.3 (Apple Git-145).

      The Jenkins security team would have liked to offer HTTP(S) as an alternative to admins choosing to disable the SSH CLI for https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319, but then we discovered this problem.

          [JENKINS-72606] git-server doesn't work via HTTP(S)

          Daniel Beck created issue -
          Daniel Beck made changes -
          Description Original: The plugin offers the ability to access repositories via HTTP(S) or SSH.

          It appears that HTTP(S) access is entirely broken.

          At a glance there seems to be something wrong with the CSRF crumb exclusion, but even the trivial fix (allowing the {{application/x-git-upload-pack-request}} through) just causes a different error.

          I'm using Git 2.39.3 (Apple Git-145).

          The Jenkins security team would have liked to offer HTTP(S) as an alternative to admins choosing to disable the SSH CLI for [https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319], but then we discovered this problem :(
          New: The plugin offers the ability to access repositories via HTTP(S) or SSH.

          It appears that HTTP(S) access is entirely broken.

          I'm using Git 2.39.3 (Apple Git-145).

          The Jenkins security team would have liked to offer HTTP(S) as an alternative to admins choosing to disable the SSH CLI for [https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319], but then we discovered this problem :(
          Daniel Beck made changes -
          Assignee New: Daniel Beck [ danielbeck ]
          Daniel Beck made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Daniel Beck made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Daniel Beck made changes -
          Remote Link New: This issue links to "PR#112 (Web Link)" [ 29455 ]
          Jesse Glick made changes -
          Component/s New: git-server-plugin [ 17613 ]
          Component/s Original: core [ 15593 ]

            danielbeck Daniel Beck
            danielbeck Daniel Beck
            Votes: 0
            Watchers: 2
