Child pages
  • Jenkins Script Console
41 more child pages

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Small typos

...

Warning
titleSecurity warnings

It is very important to understand all of the following points because it affects the integrity of your Jenkins installation. The Jenkins Script Console:

  • Access is controlled by the RunScripts permission.  Older versions of the Matrix Authorization Strategy Plugin allow non-Admin users to be granted this permission.  Matrix Authorization Strategy Plugin version 1.5 and later fixed this issue. If any authorization strategy allows this permission to be granted to users other than Admins, then extreme care should be taken not to allow non-admins.
  • Is a web-based Groovy shell into the Jenkins runtime. Groovy is a very powerful language which offers the ability to do practically anything Java can do including:
    • Create sub-processes and execute arbitrary commands on the Jenkins master and agents.
    • It can even read files in which the Jenkins master has access to on the host (like /etc/passwd)
    • Decrypt credentials configured within Jenkins.
  • Offers no administrative controls to stop a User (or Admin) once they are able to execute the Script Console from affecting all parts of the Jenkins infrastructure. Granting a normal Jenkins user Script Console Access is essentially the same as giving them Administer Administrator rights within Jenkins.
  • Can configure any Jenkins setting. It can disable security, reconfigure security, even open a backdoor on the host operating system completely outside of the Jenkins process. Due to the mission critical importance many organizations place on Jenkins in their infrastructure this point is especially important because it would allow an attacker to move laterally within infrastructure with little effort.
  • Is so powerful because it was originally intended as a debugging interface for Jenkins developers but has since grown into an interface used by Jenkins Admins to configure Jenkins and debug Jenkins runtime issues.

Because of the power offered by the Jenkins Script Console, Jenkins and its agents should never be run as the root user (on Linux) or system administrator on any other flavor of OS.   Videos linked in this wiki page demonstrate and discuss security warnings.

Be sure to secure your Jenkins instance using known good community practices.

...