Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12djg5LXhnZ3gtcXFoMs4AAknT
Improper permission checks in Jenkins Copy Artifact Plugin
Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks when determining whether a build can copy artifacts from another project build. This allows attackers, usually with Job/Configure permission, to configure jobs to copy artifacts from jobs they have no permission to access.
Copy Artifact Plugin 1.44 now properly performs permission checks when copying artifacts. When updating the plugin from a previous version, the previous behavior is retained ("Migration mode"). To enable the additional protections, switch to the new "Production mode". Doing so may cause existing jobs to fail to copy artifacts. For more information see the plugin documentation.
Permalink: https://github.com/advisories/GHSA-vv89-xggx-qqh2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12djg5LXhnZ3gtcXFoMs4AAknT
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-vv89-xggx-qqh2, CVE-2020-2183
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-2183
- https://jenkins.io/security/advisory/2020-05-06/#SECURITY-988
- http://www.openwall.com/lists/oss-security/2020/05/06/3
- https://github.com/jenkinsci/copyartifact-plugin/commit/dc87de169604cb9b6706c5328e2e4aeb2c6652d6
- https://github.com/advisories/GHSA-vv89-xggx-qqh2
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:copyartifact
Affected Version Ranges: <= 1.43.1
Fixed in: 1.44