Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42556

PlaceholderTask.runForDisplay vulnerable to AccessDeniedException

    Details

    • Similar Issues:

      Description

      Resuming build at ... after Jenkins restart
      [Pipeline] End of Pipeline
      java.io.IOException: Failed to load build state
      	at org.jenkinsci.plugins.workflow.cps.CpsFlowExecution$3.onSuccess(CpsFlowExecution.java:610)
      	at org.jenkinsci.plugins.workflow.cps.CpsFlowExecution$3.onSuccess(CpsFlowExecution.java:608)
      	at org.jenkinsci.plugins.workflow.cps.CpsFlowExecution$4$1.run(CpsFlowExecution.java:651)
      	at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$1.run(CpsVmExecutorService.java:35)
      	at ...
      Caused by: org.acegisecurity.AccessDeniedException: Please login to access job ...
      	at jenkins.model.Jenkins.getItem(Jenkins.java:2724)
      	at jenkins.model.Jenkins.getItem(Jenkins.java:324)
      	at jenkins.model.Jenkins.getItemByFullName(Jenkins.java:2830)
      	at hudson.model.Run.fromExternalizableId(Run.java:2314)
      	at org.jenkinsci.plugins.workflow.support.steps.ExecutorStepExecution$PlaceholderTask.runForDisplay(ExecutorStepExecution.java:385)
      	at org.jenkinsci.plugins.workflow.support.steps.ExecutorStepExecution$PlaceholderTask.getDisplayName(ExecutorStepExecution.java:398)
      	at org.jenkinsci.plugins.workflow.support.steps.ExecutorStepExecution$PlaceholderTask.getFullDisplayName(ExecutorStepExecution.java:407)
      	at org.jenkinsci.plugins.workflow.support.pickles.ExecutorPickle$1.printWaitingMessage(ExecutorPickle.java:116)
      	at org.jenkinsci.plugins.workflow.support.pickles.TryRepeatedly$1.run(TryRepeatedly.java:95)
      	at ...
      

      Presumably there is no anonymous read access, and the Timer thread used by TryRepeatedly neglected to impersonate SYSTEM.

        Attachments

          Issue Links

            Activity

            jglick Jesse Glick created issue -
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Epic Link JENKINS-35399 [ 171192 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-42577 [ JENKINS-42577 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-42586 [ JENKINS-42586 ]
            jglick Jesse Glick made changes -
            Assignee Jesse Glick [ jglick ]
            jglick Jesse Glick made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            jglick Jesse Glick made changes -
            Summary TryRepeatedly fails to run as ACL.SYSTEM PlaceholderTask.runForDisplay vulnerable to AccessDeniedException
            Component/s workflow-durable-task-step-plugin [ 21715 ]
            Component/s workflow-support-plugin [ 21719 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "jenkins-test-harness PR 52 (Web Link)" [ 15649 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "core PR 2790 (Web Link)" [ 15650 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "core PR 2791 (Web Link)" [ 15651 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "core PR 2792 (Web Link)" [ 15652 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "workflow-support PR 32 (Web Link)" [ 15653 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "workflow-durable-task-step PR 34 (Web Link)" [ 15654 ]
            jglick Jesse Glick made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            jglick Jesse Glick made changes -
            Status In Review [ 10005 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            allan_burdajewicz Allan BURDAJEWICZ made changes -
            Link This issue is related to JENKINS-42707 [ JENKINS-42707 ]
            danielbeck Daniel Beck made changes -
            Labels lts-candidate
            oleg_nenashev Oleg Nenashev made changes -
            Component/s core [ 15593 ]
            danielbeck Daniel Beck made changes -
            Labels lts-candidate
            jglick Jesse Glick made changes -
            Link This issue is duplicated by JENKINS-42504 [ JENKINS-42504 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-45553 [ JENKINS-45553 ]
            jamesdumay James Dumay made changes -
            Remote Link This issue links to "CloudBees Internal OSS-2089 (Web Link)" [ 18425 ]
            agentgonzo Steve Arch made changes -
            Link This issue is related to JENKINS-50296 [ JENKINS-50296 ]

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                jglick Jesse Glick
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: