Jenkins / JENKINS-45169

Jenkins 2 setup wizard failing: Unable to connect to Jenkins

      Description

      The Jenkins 2 setup wizard is failing at the final step, after entering the admin username and password details. It was identified as a CSRF vulnerability, and as a result the network blocked the completeInstall and createAdminUser files. As per the http://telussecuritylabs.com/threats/show/TSL20170428-01 document, I tried to install the latest fixed version (2.57), but it still appears to have the same issue.

      Do we have a fix for this security vulnerability?

          Activity

          danielbeck Daniel Beck added a comment -

          "identified it as CSRF vulnerability as a result network blocked the ( completeInstall and createAdminUser files"

          Whatever's doing the blocking is doing it wrong. Jenkins 2.57 specifically fixed potential CSRF issues in these URLs.

          shireesha SHIREESHA PINNINTI added a comment -

          Forgot to reopen the ticket. Please see my last comments.

          danielbeck Daniel Beck added a comment -

          The requests are sent via POST, with Jenkins-Crumb header/form field, and therefore subject to CSRF protection.

          Your firewall is terrible, and this is still not a defect.

          Get rid of this snake oil bullshit.


            People

            • Assignee:
              Unassigned
              Reporter:
              shireesha SHIREESHA PINNINTI