[JENKINS-23475] Can bypass permission check of CopyArtifact with WebAPI/CLI

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: copyartifact-plugin
Labels:
None
Environment:
Copyartifact 1.30

Similar Issues:
Powered by SuggestiMate

Show
Released As:
https://github.com/jenkinsci/copyartifact-plugin/blob/master/CHANGELOG.adoc#144

When specifying a project name to copy artifacts from without a variable, permission check is performed at configuration time.
That check is performed in the constructor of CopyArtifact, and can be bypassed using WebAPI, which does not trigger the constructor (triggers readResolve instead).

update: can be bypassed also with CLI.

is related to

JENKINS-28247 Can bypass permission check of CopyArtifact with WorkflowJob

Closed

JENKINS-24888 Complete runtime permission check of Copyartifact

Closed

ikedam created issue - 2014-06-17 23:34

ikedam added a comment - 2014-06-17 23:39

I noticed this problem reviewing codes, and have not tested reproducing yet.
I have to write a test code to reproduce this first.

ikedam added a comment - 2014-06-17 23:39 I noticed this problem reviewing codes, and have not tested reproducing yet. I have to write a test code to reproduce this first.

ikedam added a comment - 2014-06-19 00:26

https://github.com/jenkinsci/copyartifact-plugin/pull/41

ikedam added a comment - 2014-06-19 00:26 https://github.com/jenkinsci/copyartifact-plugin/pull/41

ikedam made changes - 2014-06-19 00:28

Description	Original: When specifying a project name to copy artifacts from without a variable, permission check is performed at configuration time. That check is performed in the constructor of {{CopyArtifact}}, and can be bypassed using WebAPI, which does not trigger the constructor (triggers {{readResolve}} instead).	New: When specifying a project name to copy artifacts from without a variable, permission check is performed at configuration time. That check is performed in the constructor of {{CopyArtifact}}, and can be bypassed using WebAPI, which does not trigger the constructor (triggers {{readResolve}} instead). update: can be bypassed also with CLI.
Summary	Original: Can bypass permission check of CopyArtifact with WebAPI	New: Can bypass permission check of CopyArtifact with WebAPI/CLI

ikedam made changes - 2014-09-27 06:07

Link

New: This issue is related to ~~JENKINS-24888~~ [ ~~JENKINS-24888~~ ]

ikedam made changes - 2015-05-06 04:02

Link

New: This issue is related to ~~JENKINS-28247~~ [ ~~JENKINS-28247~~ ]

R. Tyler Croy made changes - 2016-07-25 23:51

Workflow

Original: JNJira [ 156104 ]

New: JNJira + In-Review [ 179216 ]

ikedam added a comment - 2020-05-23 00:55

Fixed in SECURITY-988

ikedam added a comment - 2020-05-23 00:55 Fixed in SECURITY-988

ikedam made changes - 2020-05-23 00:55

Link

New: This issue blocks SECURITY-988 [ SECURITY-988 ]

ikedam made changes - 2020-05-23 00:55

Released As		New: https://github.com/jenkinsci/copyartifact-plugin/blob/master/CHANGELOG.adoc#144
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Fixed but Unreleased [ 10203 ]

Assignee:: ikedam

Reporter:: ikedam

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2014-06-17 23:34

Updated:: 2020-05-23 00:56

Resolved:: 2020-05-23 00:55

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: ikedam added a comment - 2014-06-17 23:39

Expand comment: ikedam added a comment - 2014-06-17 23:39

Collapse comment: ikedam added a comment - 2014-06-19 00:26

Expand comment: ikedam added a comment - 2014-06-19 00:26

Collapse comment: ikedam added a comment - 2020-05-23 00:55

Expand comment: ikedam added a comment - 2020-05-23 00:55

People

Dates