GitHub Advisory DatabaseGHSA-VV89-XGGX-QQH2Improper permission checks in Jenkins Copy Artifact Plugin
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
28.4%
Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks when determining whether a build can copy artifacts from another project build. This allows attackers, usually with Job/Configure permission, to configure jobs to copy artifacts from jobs they have no permission to access.
Copy Artifact Plugin 1.44 now properly performs permission checks when copying artifacts. When updating the plugin from a previous version, the previous behavior is retained ("Migration mode"). To enable the additional protections, switch to the new "Production mode". Doing so may cause existing jobs to fail to copy artifacts. For more information see the plugin documentation.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.jenkins-ci.plugins | copyartifact | * | cpe:2.3:a:org.jenkins-ci.plugins:copyartifact:*:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
28.4%