Jenkins issue JENKINS-23475

Can bypass permission check of CopyArtifact with WebAPI/CLI


Description

When specifying a project name to copy artifacts from without a variable, the permission check is performed at configuration time.
That check is performed in the constructor of CopyArtifact, and can be bypassed using the WebAPI, which does not trigger the constructor (it triggers readResolve instead).

Update: it can also be bypassed with the CLI.
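As an added illustration (not the plugin's code, and not the change shipped in the linked pull request), the Java program below shows the pattern the description points at: a check that exists only in the constructor is skipped when the object is rebuilt by deserialization, which calls readResolve instead. Plain Java serialization stands in for the XML configuration path; the user name, permission table and class names are hypothetical, and the hardened variant simply repeats the check at the point of use, a path every configuration route reaches.

```java
import java.io.*;
import java.util.Set;

// Hypothetical stand-ins for the authenticated user and a permission table.
public class ConstructorCheckBypass {
    static String currentUser = "admin";
    static final Set<String> MAY_READ_SECRET = Set.of("admin");

    static void checkReadPermission(String project) {
        if ("secret-project".equals(project) && !MAY_READ_SECRET.contains(currentUser))
            throw new SecurityException(currentUser + " may not read " + project);
    }

    // Vulnerable pattern: the only permission check lives in the constructor.
    static class CopyStep implements Serializable {
        final String projectName;
        CopyStep(String projectName) {
            checkReadPermission(projectName);          // runs on the form/constructor path only
            this.projectName = projectName;
        }
        private Object readResolve() { return this; } // deserialization path: no check at all
        String perform() { return "copied artifacts from " + projectName; }
    }

    // Hardened pattern: repeat the check where the configuration is actually used.
    static class SafeCopyStep extends CopyStep {
        SafeCopyStep(String projectName) { super(projectName); }
        @Override String perform() {
            checkReadPermission(projectName);
            return super.perform();
        }
    }

    // Serialize and read back: ObjectInputStream never calls CopyStep's constructor.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(o); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // The serialized bytes stand in for a configuration submitted through the API or CLI;
        // who produced them does not matter, only that no constructor runs when they are read.
        CopyStep unsafe = (CopyStep) roundTrip(new CopyStep("secret-project"));
        CopyStep safe = (CopyStep) roundTrip(new SafeCopyStep("secret-project"));
        currentUser = "intruder";                       // configuration now acted on for another user
        System.out.println(unsafe.perform());           // succeeds: the check never ran
        try { safe.perform(); } catch (SecurityException e) { System.out.println("blocked: " + e.getMessage()); }
    }
}
```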

Activity

ikedam created the issue.
ikedam added a comment:

I noticed this problem while reviewing code, and have not tested reproducing it yet.
I have to write test code to reproduce this first.

ikedam added a comment: https://github.com/jenkinsci/copyartifact-plugin/pull/41
ikedam made changes:
  Description: the line "update: can be bypassed also with CLI." was added to the original description text.
  Summary: "Can bypass permission check of CopyArtifact with WebAPI" changed to "Can bypass permission check of CopyArtifact with WebAPI/CLI"
ikedam made changes:
  Link: This issue is related to JENKINS-24888
ikedam made changes:
  Link: This issue is related to JENKINS-28247
rtyler (R. Tyler Croy) made changes:
  Workflow: JNJira [156104] changed to JNJira + In-Review [179216]
ikedam added a comment:

Fixed in SECURITY-988

ikedam made changes:
  Link: This issue blocks SECURITY-988
ikedam made changes:
  Released As: https://github.com/jenkinsci/copyartifact-plugin/blob/master/CHANGELOG.adoc#144
  Resolution: Fixed [1]
  Status: Open [1] changed to Fixed but Unreleased [10203]
ikedam made changes:
  Status: Fixed but Unreleased [10203] changed to Closed [6]
ikedam made changes:
  Link: This issue blocks SECURITY-988
ikedam made changes:
  Link: This issue relates to SECURITY-988
