CVE-2020-2275

Path Traversal in maven/org.jvnet.hudson.plugins/copy-data-to-workspace-plugin

Identifiers

CVE-2020-2275

Package Slug

maven/org.jvnet.hudson.plugins/copy-data-to-workspace-plugin

Vulnerability

Path Traversal

Description

Jenkins Copy data to workspace Plugin does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.

Affected Versions

All versions up to 1.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-21

source