Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-vv89-xggx-qqh2

GitHub Security Advisory

Improper permission checks in Jenkins Copy Artifact Plugin

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks when determining whether a build can copy artifacts from another project build. This allows attackers, usually with Job/Configure permission, to configure jobs to copy artifacts from jobs they have no permission to access.

Copy Artifact Plugin 1.44 now properly performs permission checks when copying artifacts. When updating the plugin from a previous version, the previous behavior is retained (\"Migration mode\"). To enable the additional protections, switch to the new \"Production mode\". Doing so may cause existing jobs to fail to copy artifacts. For more information see the [plugin documentation](https://github.com/jenkinsci/copyartifact-plugin).

Affected Packages

Maven org.jenkins-ci.plugins:copyartifact
Affected versions: 0 (fixed in 1.44)

Related CVEs

CVE-2020-2183

Key Information

GHSA ID
GHSA-vv89-xggx-qqh2
Published
May 24, 2022 5:17 PM
Last Modified
December 16, 2022 10:58 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:copyartifact
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.