After upgrade to 2.452.4 I am unable to see my job content

I have upgraded my prod Jenkins version from 2.401.3 to 2.452.4 and am facing an issue in job configuration. We are using Active Directory for our security. Users are unable to see their job content, like the testing graph for their project. As an admin I can see all graphs. I added that user as admin and he is able to see the graph, but I can’t give admin access to other users. I also set the job configuration and gave access to the user, but they are still not able to see the content. How do I resolve this?

The issue you’re facing with users not being able to see their job content, such as testing graphs, after upgrading Jenkins might be related to permission settings.

Would you have any logs to share?

Hi @poddingue

I don't have any logs. Only users are facing this issue. In the project they had not enabled any project-based security, and after enabling project-based security they are still not able to see it.

@poddingue
They are only getting the error when viewing the graphs. The developer tools show an error like this:
GET https://build.rnd.com/user/670266683/my-views/view/SDK4_NAParking/topPortlets/1/summaryGraph/png?width=300&height=220 403 (Forbidden)

The URL you give here looks as if it is a link to an image in a user view.
So if other users try to access this URL, they will not be able to access it anymore; see Jenkins Security Advisory 2024-08-07.

@mawinter69
Thanks for your support. I am trying to downgrade my version to 2.452.1.

Be aware that you will have unpatched security issues when you stick to an older version.

Hi @poddingue

As we discussed last time regarding My Views, I am getting the same issue after upgrading to 2.479.3. Currently I have 2.452.1 and am upgrading to 2.479.3, so can you help me? My view should be visible to all users. The same My Views permission is causing this issue; after that I downgraded to 2.452.1, so the issue has been resolved.

In the Jenkins documentation they mention the following, and the link is: Jenkins Security Advisory 2024-08-07

Missing permission check allows accessing other users’ “My Views”

SECURITY-3349 / CVE-2024-43045
Severity (CVSS): Medium
Description:

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to access other users’ “My Views”. Attackers with global View/Configure and View/Delete permissions are also able to change other users’ “My Views”.

Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 restricts access to a user’s “My Views” to the owning user and administrators.

So my question is: which LTS version do I need to use apart from 2.462.x? If you have any answer, please post it here.

Thanks and Regards,
Karthik Nayak

There is no recent LTS that allows other users to access a user's personal view. 2.452.3 was the last LTS where this was possible. In all newer LTS versions the security issue is fixed. So you will have to create a global view.
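To find which personal views other users were relying on before recreating them as global views, the following added example (not from this thread or the Jenkins project) counts 403 responses on "My Views" URLs shaped like the one quoted above. It assumes an access log in combined log format from Jenkins or a reverse proxy; the sample lines, user ids and view names are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines (assumed combined log format; 192.0.2.x is a documentation range).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Feb/2025:09:14:02 +0000] "GET /user/u1001/my-views/view/TeamDash/topPortlets/1/summaryGraph/png?width=300&height=220 HTTP/1.1" 403 512
192.0.2.11 - - [12/Feb/2025:09:15:40 +0000] "GET /user/u1001/my-views/view/TeamDash/ HTTP/1.1" 403 512
192.0.2.12 - - [12/Feb/2025:09:16:05 +0000] "GET /user/u1001/my-views/view/TeamDash/ HTTP/1.1" 200 18433
192.0.2.13 - - [12/Feb/2025:09:20:11 +0000] "GET /user/u2002/my-views/view/Nightly%20Builds/ HTTP/1.1" 403 512
192.0.2.13 - - [12/Feb/2025:09:21:30 +0000] "GET /job/app/ HTTP/1.1" 403 512
"""

# Request line plus status code, as found in common/combined log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})\b')
# Personal view URL: /user/<owner>/my-views/view/<view>/... (an optional context path may precede it).
MY_VIEW = re.compile(r'/user/(?P<owner>[^/]+)/my-views/view/(?P<view>[^/?]+)')


def denied_my_views(log_text):
    """Count 403 responses per (owner, view) on personal-view URLs.

    Since the fix for SECURITY-3349 only the owner and administrators get
    through, so every 403 here is another user following a link that
    points into someone's personal view.
    """
    hits = Counter()
    for line in log_text.splitlines():
        req = REQUEST.search(line)
        if not req or req.group("status") != "403":
            continue
        view = MY_VIEW.search(req.group("path"))
        if view:
            key = (unquote(view.group("owner")), unquote(view.group("view")))
            hits[key] += 1
    return hits


if __name__ == "__main__":
    # Most-requested personal views first: these are the ones to recreate as global views.
    for (owner, view), count in denied_my_views(SAMPLE_LOG).most_common():
        print(f"{count:4d}  owner={owner}  view={view}")
```

Each (owner, view) pair in the output is a personal view that other users have bookmarked or embedded and that needs a global equivalent.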