
Jenkins 2 setup wizard failing: Unable to connect to Jenkins

      Description

      The Jenkins 2 setup wizard is failing at the final step after entering the admin username and password details. It was identified as a CSRF vulnerability, and as a result the network blocked the completeInstall and createAdminUser files. As per the http://telussecuritylabs.com/threats/show/TSL20170428-01 document I tried to install the latest fixed version (2.57), but it still appears to have the same issue.

      Do we have a fix for this security vulnerability?

          Activity

          shireesha SHIREESHA PINNINTI created issue -
          danielbeck Daniel Beck added a comment -

          identified it as CSRF vulnerability as a result network blocked the ( completeInstall and createAdminUser files

          Whatever's doing the blocking is doing it wrong. Jenkins 2.57 specifically fixed potential CSRF issues in these URLs.

          danielbeck Daniel Beck made changes -
          Field Original Value New Value
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Not A Defect [ 7 ]
          shireesha SHIREESHA PINNINTI made changes -
          Attachment 10.133.210.167-Packet Captures.zip [ 39054 ]
          shireesha SHIREESHA PINNINTI made changes -
          shireesha SHIREESHA PINNINTI added a comment -

          Forgot to reopen the ticket. Please see my last comments.

          shireesha SHIREESHA PINNINTI made changes -
          Resolution Not A Defect [ 7 ]
          Status Resolved [ 5 ] Reopened [ 4 ]
          danielbeck Daniel Beck added a comment -

          The requests are sent via POST, with Jenkins-Crumb header/form field, and therefore subject to CSRF protection.

          Your firewall is terrible, and this is still not a defect.

          Get rid of this snake oil bullshit.

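          To make concrete what that comment describes (a POST that carries a Jenkins-Crumb header or form field which the server validates against the user's session), here is an added Python example. It is not Jenkins' own code: the HMAC-over-session-id crumb derivation, the Request shape, the session ids and the wizard paths used below are assumptions constructed for illustration. It shows why a crumb-protected POST is not a CSRF vector, and why a network filter that keys on URL names like completeInstall or createAdminUser adds nothing: the crumb, not the path, is what binds the request to the logged-in session.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed server-side secret, generated at startup for this demo only.
SERVER_SECRET = secrets.token_bytes(32)


def issue_crumb(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Derive a crumb bound to one session: HMAC-SHA256(secret, session_id).

    This is an illustrative re-implementation, not Jenkins' crumb issuer.
    The page that renders the form embeds this value; a cross-origin page
    cannot read it because of the browser's same-origin policy.
    """
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


@dataclass
class Request:
    """Minimal model of an incoming HTTP request (constructed for the demo)."""
    method: str
    path: str
    session_id: str                       # from the session cookie the browser attaches
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def check_crumb(req: Request, secret: bytes = SERVER_SECRET) -> tuple[bool, str]:
    """Return (allowed, reason) for a request, enforcing the crumb on unsafe methods."""
    if req.method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method, no crumb required"
    # Jenkins accepts the crumb either as a header or as a form field.
    presented = req.headers.get("Jenkins-Crumb") or req.form.get("Jenkins-Crumb")
    if presented is None:
        return False, "rejected: no crumb on state-changing request"
    expected = issue_crumb(req.session_id, secret)
    if not hmac.compare_digest(presented, expected):
        return False, "rejected: crumb does not match this session"
    return True, "accepted: crumb valid for session"


def demo() -> dict[str, tuple[bool, str]]:
    """Run three constructed requests through the check and return the outcomes."""
    victim_session = "sess-A"          # assumed session id of the admin running the wizard
    other_session = "sess-B"           # assumed session id of some other browser

    # 1. The wizard itself: same-origin page, crumb embedded in the form.
    wizard_post = Request(
        "POST", "/setupWizard/createAdminUser", victim_session,
        headers={"Jenkins-Crumb": issue_crumb(victim_session)},
        form={"username": "admin"},
    )
    # 2. A cross-site form post: browser attaches the victim's cookie, but the
    #    originating page could not read the crumb, so none is sent.
    cross_site_post = Request(
        "POST", "/setupWizard/createAdminUser", victim_session,
        form={"username": "admin"},
    )
    # 3. A crumb obtained from a different session does not transfer.
    wrong_session_crumb = Request(
        "POST", "/setupWizard/completeInstall", victim_session,
        headers={"Jenkins-Crumb": issue_crumb(other_session)},
    )
    return {
        "wizard_post": check_crumb(wizard_post),
        "cross_site_post": check_crumb(cross_site_post),
        "wrong_session_crumb": check_crumb(wrong_session_crumb),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:20s} allowed={allowed!s:5s} {reason}")
```

          Only the first request is accepted; the second and third are the shapes a forged cross-site submission could take, and both fail at the crumb check before any handler runs. A firewall that blocks the paths outright cannot tell these apart and only breaks the legitimate wizard.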
          danielbeck Daniel Beck made changes -
          Status Reopened [ 4 ] Resolved [ 5 ]
          Resolution Not A Defect [ 7 ]

            People

            • Assignee: Unassigned
            • Reporter: shireesha SHIREESHA PINNINTI