Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23475

Can bypass permission check of CopyArtifact with WebAPI/CLI

    XMLWordPrintable

Details

    Description

      When specifying a project name to copy artifacts from without a variable, permission check is performed at configuration time.
      That check is performed in the constructor of CopyArtifact, and can be bypassed using WebAPI, which does not trigger the constructor (triggers readResolve instead).

      update: can be bypassed also with CLI.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-28247 Can bypass permission check of CopyArtifact with WorkflowJob

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-24888 Complete runtime permission check of Copyartifact

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            ikedam ikedam created issue -
            ikedam ikedam made changes -
            Field Original Value New Value
            Description When specifying a project name to copy artifacts from without a variable, permission check is performed at configuration time.
            That check is performed in the constructor of {{CopyArtifact}}, and can be bypassed using WebAPI, which does not trigger the constructor (triggers {{readResolve}} instead).
            		 When specifying a project name to copy artifacts from without a variable, permission check is performed at configuration time.
            That check is performed in the constructor of {{CopyArtifact}}, and can be bypassed using WebAPI, which does not trigger the constructor (triggers {{readResolve}} instead).

            update: can be bypassed also with CLI.
            Summary Can bypass permission check of CopyArtifact with WebAPI Can bypass permission check of CopyArtifact with WebAPI/CLI
            ikedam ikedam made changes -
            Link This issue is related to JENKINS-24888 [ JENKINS-24888 ]
            ikedam ikedam made changes -
            Link This issue is related to JENKINS-28247 [ JENKINS-28247 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 156104 ] JNJira + In-Review [ 179216 ]
            ikedam ikedam made changes -
            Link This issue blocks SECURITY-988 [ SECURITY-988 ]
            ikedam ikedam made changes -
            Released As https://github.com/jenkinsci/copyartifact-plugin/blob/master/CHANGELOG.adoc#144
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Fixed but Unreleased [ 10203 ]
            ikedam ikedam made changes -
            Status Fixed but Unreleased [ 10203 ] Closed [ 6 ]
            ikedam ikedam made changes -
            Link This issue blocks SECURITY-988 [ SECURITY-988 ]
            ikedam ikedam made changes -
            Link This issue relates to SECURITY-988 [ SECURITY-988 ]

            People

              ikedam ikedam
              ikedam ikedam
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: