Be aware of anonymous user read access in Jenkins

Akshay Bosamiya
Aubergine Solutions
Jun 13, 2018

I’m assuming that you are familiar with CI/CD using Jenkins but are new to setting up Jenkins jobs, and that you have set up CI/CD for your private project.

What does anonymous user read access mean?

It allows users to access Jenkins in read-only mode even when they are not authenticated. You might think this is harmless, since no one can modify anything.

But with anonymous read access, anyone can read your workspace. Anyone can download your private repository with a single click on "all files in .zip".

Of course, this can only happen if your Jenkins machine URL is exposed. If you host CI/CD in the cloud, there is a chance that the machine URL is exposed. Removing anonymous read access prevents this situation. Alternatively, you can use Matrix-based security. Either way, you keep your private repository secure.

[Image: a Jenkins job's workspace]

To remove anonymous read access

Go to your Jenkins dashboard right now. Click Manage Jenkins → Configure Global Security, then uncheck Allow anonymous read access.

[Image: Jenkins's Configure Global Security page]

You can also open Configure Global Security via {JENKINS_URL}/configureSecurity/.
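To confirm the setting took effect, this added example (not part of the original post) requests {JENKINS_URL}/api/json without credentials and reports whether Jenkins answered and which job names it revealed. The function names and the two sample responses are constructed for illustration; pass your own Jenkins URL as the first argument to check a live instance.

```python
import json
import sys
import urllib.error
import urllib.request

# Constructed sample responses (status, body), not captured from a real server.
SAMPLE_OPEN = (200, '{"mode": "NORMAL", "jobs": [{"name": "private-app-build"}]}')
SAMPLE_LOCKED = (403, "Authentication required")


def fetch_anonymous(base_url, timeout=10):
    """GET {base_url}/api/json with no credentials; return (status, body)."""
    url = base_url.rstrip("/") + "/api/json"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # Jenkins answers 401/403 here when anonymous read is switched off.
        return err.code, err.read().decode("utf-8", "replace")


def assess(status, body):
    """Classify an unauthenticated response and list the job names it exposes."""
    if status in (401, 403):
        return {"anonymous_read": False, "jobs": []}
    if status != 200:
        return {"anonymous_read": None, "jobs": []}  # inconclusive
    try:
        data = json.loads(body)
    except ValueError:
        return {"anonymous_read": None, "jobs": []}  # not a Jenkins API reply
    if not isinstance(data, dict):
        return {"anonymous_read": None, "jobs": []}
    jobs = [job.get("name", "?") for job in data.get("jobs", [])]
    return {"anonymous_read": True, "jobs": jobs}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(assess(*fetch_anonymous(sys.argv[1])))
    else:
        print("open sample:  ", assess(*SAMPLE_OPEN))
        print("locked sample:", assess(*SAMPLE_LOCKED))
```

With Matrix-based security the job list can be empty while `anonymous_read` is still true, which means anonymous users hold Overall/Read but no job-level read permission.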
