Jenkins project Confluence instance attacked

Earlier this week the Jenkins infrastructure team identified a successful attack against our deprecated Confluence service. We responded immediately by taking the affected server offline while we investigated the potential impact. At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected.


This is a companion discussion topic for the original entry at https://www.jenkins.io/blog/2021/09/04/wiki-attacked/

@MarkEWaite,

Could you please elaborate on “Jenkins infrastructure team has permanently disabled the Confluence service”?

I presume this includes all of wiki.jenkins.io (and wiki.jenkins-ci.org). Unfortunately, there’s a lot of stuff “out there”, including links in existing plugins which point to wiki.jenkins.io. Is there any way to get a redirect in place to point to “somewhere useful”?

Perhaps a link to the blog entry, or the “Document” page, appropriately updated to indicate the wiki is permanently down. Clicking on a plugin’s help link on a plugin and getting “Hmmm… can’t reach this page” is not the best user experience.

I imagine if the site is never coming back up, then the “Migrating from Wiki to GitHub” doc also needs updating?

Thanks,
Ian

I can speak to this one as the “owner” of the plugin site. I’m working on exporting all remaining wiki documentation and importing it outside each individual plugin repo. I hope to have something in place this weekend.

We intend to capture the content from wiki.jenkins.io as well so that we don’t lose any of the existing content. The Wiki to GitHub transition project has been in progress for an extended period and will continue. We’ll certainly share details of plans as they evolve.

Thank you Mark and Gavin for your efforts. What prompted my inquiry was the Extended Choice Parameter plugin.

The plugin help actually points to:

Which would actually redirect to:

Looking at the plugin in the Plugins Center, it points to:

Documentation for this plugin is here: Extended Choice Parameter

And there’s no usage documentation on the GitHub README, which leaves the user with nowhere to reference.

I’m sure there are also other plugins whose documentation is lost in the ether.

I totally get it’s up to the community supporting the plugin to maintain, document and keep it up to date with the Jenkins infrastructure and standards. But at the same time, the average user will just click on the help, get a “page not found” and be stumped.

Some sort of redirect from wiki.jenkins-ci.org and wiki.jenkins.io to would be of tremendous help I think.

As the source content is no longer accessible to the average user (or the plugin maintainers?), users are also unable to contribute to the Wiki to GitHub migration.

The content is currently at:

An improved solution is being worked on


Plugin pages that were on the wiki before are working now

I guess no good deed goes unpunished… Oh well, it’s not the first nor the last example of malicious actions against goodwill projects. I have found myself landing on those dead links one too many times (going through the CloudBees training material).

That being said, except the documentation tied to the plugins, do you foresee any actions to be taken towards the rest of the material? Anything that anyone (myself included) could do to help towards that direction?

We’re actively working on a project that we hope will bring the pages back as static HTML pages hosted at the same URL where they were prior to the attack.

If you’d like to assist, you can see the docker image definition that is evolving in confluence-data/Dockerfile at a336b7af88e56d32e11fce0aac1f966f74e279c5 · jenkins-infra/confluence-data · GitHub. The helm charts and other deployment components are being developed in the Jenkins infrastructure.