  1. Jenkins
  2. JENKINS-12585

SECURITY: LDAP authenticated users switch accounts randomly

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: _unsorted
    • Labels:
      None
    • Environment:
    • Similar Issues:

      Description

      Running Jenkins behind Apache: mod_proxy with HTTPS
      https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache
      So our setup is
      Open Directory group
      jenkins-admin - Jenkins Admins all
      dev-group-a - Developers can view kick off builds

      Project-based Matrix Authorization Strategy
      Admin all checked
      dev-group-a checked: Overall:Read Job:Read,Build Run:Update
      dev-group-b checked: Overall:Read Job:Read

      The issue is that I'm an admin, and a random developer will log in and see that their user ID is mine and can admin Jenkins.

      There have been reported cases where developer A will log in and actually be reported by Jenkins as developer B,
      where they can no longer trigger CI builds.

      My biggest concern is when users log in and are reporting as admins and have full access to Jenkins.

        Attachments

          Activity

          geevez guillermo c created issue -
          docwhat Christian Höltje made changes -
          Field: Summary
          Original Value: ACCESSS: LDAP:PMA Login authed users accounts switch
          New Value: SECURITY: LDAP authenticated users switch accounts randomly
          kohsuke Kohsuke Kawaguchi made changes -
          Assignee Kohsuke Kawaguchi [ kohsuke ]
          scm_issue_link SCM/JIRA link daemon made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 142951 ] JNJira + In-Review [ 190357 ]
          ircbot Jenkins IRC Bot made changes -
          Component/s _unsorted [ 19622 ]
          Component/s security [ 15508 ]

            People

            • Assignee:
              kohsuke Kohsuke Kawaguchi
              Reporter:
              geevez guillermo c
            • Votes:
              10
              Watchers:
              4

              Dates

              • Created:
                Updated:
                Resolved: