Getting 403s when attempting to install plugins with 2.541.3

Zirrno · March 27, 2026, 4:27pm

Jenkins setup:

Jenkins: 2.541.3

OS: Oracle Linux Server - 8.10

Java from JAVA_HOME: openjdk version “1.8.0_452”
OpenJDK Runtime Environment (Temurin)(build 1.8.0_452-b09)
OpenJDK 64-Bit Server VM (Temurin)(build 25.452-b09, mixed mode)

Java used in command: adoptopenjdk version 21

Currently I have a running instance of Jenkins from our last version (2.516.1), but have been trying to upgrade and am running into 403s when installing plugins. The specific command I am running is:

/usr/share/java/adoptopenjdk-21/bin/java -jar /var/lib/jenkins/jenkins-cli.jar -s http://localhost:8080 install-plugin <local_file_location>

This command returns:

STDOUT:
 STDERR: CLI handshake failed with status code 403
 Content-Length: 0
 Content-Security-Policy-Report-Only: base-uri 'none'; default-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self' data:; script-src 'report-sample' 'self' usage.jenkins.io; style-src 'report-sample' 'self' 'unsafe-inline';
 Date: Thu, 26 Mar 2026 21:18:36 GMT
 Server: Jetty(12.1.5)
 Vary: Accept-Encoding
 X-CLI-Error: Jenkins URL is not configured (set Jenkins URL in the configuration)
 X-Content-Type-Options: nosniff

It is currently downloading the hpi file locally and attempting to install from local. Prior, this command didn’t need the auth argument, and when I add the auth of an admin I get the same error. The main thing that I know about the version difference is the Jetty uplift, but I don’t see how that changes the install-plugin command. How can I get through the 403s to install the plugin?

mawinter69 · March 27, 2026, 4:57pm

Have you configured the URL properly?
I guess that is related to Jenkins Security Advisory 2026-03-18

Zirrno · March 27, 2026, 6:08pm

Have you configured the URL properly?

We are not as this is in a pre deployment phase where we are setting the environment up to be deployed by another configuration set. We are running the setup with a Chef environment and ruby scripts that I am still getting caught up on. Is the 2.541.3 version the first instance of this security fix?

mawinter69 · March 27, 2026, 7:20pm

I assume you want to use Chef to get your instance in a defined state i.e. configuration as code? That might not be the best approach. When you deploy a plugin while Jenkins is running and the plugin is already installed then you need a restart of Jenkins.
For configuration as code setups using the GitHub - jenkinsci/plugin-installation-manager-tool: Plugin Manager CLI tool for Jenkins · GitHub is better. So you first ensure all plugins are in the correct version in the plugins folder before you start Jenkins. That is the standard approach when you Jenkins in a docker container. Using docker is even better for a CasC approach.
Also look at the Configuration as Code plugin

Topic		Replies	Views
Failing to install plugin in Jenkins 2.479.1 Ask a question	6	120	November 27, 2024
Installed new version of Jenkins 2.44 with OpenJDK 11, I got a lot of the plugin cannot installed Community	3	152	April 24, 2024
Plugin installation failed Ask a question	13	9170	June 9, 2023
Installing Jenkins server version 2.332.1 and plugins Using Jenkins question	2	1338	January 30, 2024
Plugins upgrade issue in 2.346.2 Jenkins version Ask a question	4	911	August 8, 2022

Getting 403s when attempting to install plugins with 2.541.3

Related topics