CVE-2020-2275
maven/org.jvnet.hudson.plugins/copy-data-to-workspace-plugin
Path Traversal
Jenkins Copy data to workspace Plugin does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.
All versions up to 1.0
Unfortunately, there is no solution available yet.
2020-09-21
source |