CVE-2020-2275 – org.jvnet.hudson.plugins:copy-data-to-workspace-plugin
Package
Manager: maven
Name: org.jvnet.hudson.plugins:copy-data-to-workspace-plugin
Vulnerable Version: >=0 <=1.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01511 (percentile: 0.80507)
Details
Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin

Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.
Metadata
Created: 2022-05-24T17:28:27Z
Modified: 2022-12-28T22:47:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2f4c-8rp6-fh6q/GHSA-2f4c-8rp6-fh6q.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-2f4c-8rp6-fh6q
Finding: F063
Auto approve: 1