CVE-2020-2183
UNKNOWN
Published 2020-05-06T12:45:23
No CVSS data available
Description
Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access.
Available Exploits
No exploits available for this CVE.
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
✓ GitHub Reviewed
MODERATE
Improper permission checks in Jenkins Copy Artifact Plugin
GHSA-vv89-xggx-qqh2
Advisory Details
Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks when determining whether a build can copy artifacts from another project build. This allows attackers, usually with Job/Configure permission, to configure jobs to copy artifacts from jobs they have no permission to access.
Copy Artifact Plugin 1.44 now properly performs permission checks when copying artifacts. When updating the plugin from a previous version, the previous behavior is retained ("Migration mode"). To enable the additional protections, switch to the new "Production mode". Doing so may cause existing jobs to fail to copy artifacts. For more information see the [plugin documentation](https://github.com/jenkinsci/copyartifact-plugin).
Affected Packages
Ecosystem: Maven
Package: org.jenkins-ci.plugins:copyartifact
Affected versions: ≥0, <1.44
CVSS Scoring
CVSS Score
5.0
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: December 16, 2022
Last Modified: 2024-08-04T07:01:41.061Z