[JENKINS-25146] When the anonymous user has no access rights, userContent is inaccessible - Jenkins Jira

Type: Bug
Resolution: Won't Fix
Priority: Minor
Component/s: core
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

Hello,

I've tried the following:

I have a Jenkins installation on Debian stable with the most recent Jenkins release (via the official Jenkins repository)
I have enabled security
The anonymous user does not have any rights (not even 'Read'), because I don't want to show which nodes are active or which users are configured.
Nobody is logged in
I browse to http://localhost:8080/userContent/

Achieved result:
I see a login prompt.

Expected result:
I've seen ticket https://issues.jenkins-ci.org/browse/JENKINS-23259, which handles exactly the opposite situation.

According to the Wiki page at https://wiki.jenkins-ci.org/display/JENKINS/User+Content the userContent folder should be accessible.
<quote>Note that these files are not subject to any access controls.</quote>

Versions affected:
1.565.3, 1.580, 1.584, 1.588

Is the Wiki page incomplete and should it mention that when the anonymous has no rights at all, userContent is protected, or should the userContent folder always be unprotected?

is duplicated by

JENKINS-26911 Can't access /userContent when not logged in

Resolved

is related to

JENKINS-23259 userContent can been browsed by anoymous users when security is enabled and discovery is disabled

Resolved

links to

CloudBees Internal OSS-330

Assignee:: Unassigned

Reporter:: Roland Clobus

Votes:: 3 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2014-10-14 15:14

Updated:: 2017-12-05 06:01

Resolved:: 2016-04-30 14:32

Details

Description

Attachments

Issue Links

Activity

People

Dates