Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-35011

GitHub Plugin allows unauthenticated access despite global security configuration

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • github-plugin
    • Jenkins 2.5 running on Ubuntu 16.04, installed from "latest version" http://pkg.jenkins-ci.org/debian PPA repository. github-plugin is version 1.19.1, with no available updates shown in Jenkins.

      I started to set up GitHub webhooks with Jenkins, and I got it working as https://jenkins.mydomain.com/github-webhook/ - without any username and password provided by GitHub. I want to secure it with a username and password (or some other means, if there's a better/more commonly used auth method for this), but before that I want to make sure that this unauthenticated webhook URL access is secured so that it's not freely.

      I'm using global security with built-in Active Directory and Project-based Matrix Authorization Strategy, and anonymous users don't have any access to anything. My Jenkins server is behind an apache2 reverse-proxy.

            lanwen Kirill Merkushev
            cotycondry Coty Condry
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: