[JENKINS-28247] Can bypass permission check of CopyArtifact with WorkflowJob - Jenkins Jira

We couldn't load the project sidebar. Refresh the page to try again.
If the problem persists, contact your Jira admin.

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: copyartifact-plugin
Labels:
- pipeline
Environment:
copyartifact 1.35

Similar Issues:
Powered by SuggestiMate

Show
Released As:
https://github.com/jenkinsci/copyartifact-plugin/blob/master/CHANGELOG.adoc#144

The permission check of copyartifact doesn't work with workflow:

Copyartifact performs runtime permission check only when the project name is specified with variables.
- Variables in workflow jobs are resolved before passed to builders.
- Even if variable expression is passed to builders, builder cannot resolve that variables (see ~~JENKINS-26694~~)
Configuration-time permission check doesn't performed as it performs only when triggered via stapler.

is related to

JENKINS-23475 Can bypass permission check of CopyArtifact with WebAPI/CLI

Closed

JENKINS-24888 Complete runtime permission check of Copyartifact

Closed

Jesse Glick added a comment - 2015-05-06 13:43

Is this not just a duplicate of ~~JENKINS-24888~~? The existing permission model in the plugin is broken.

Jesse Glick added a comment - 2015-05-06 13:43 Is this not just a duplicate of JENKINS-24888 ? The existing permission model in the plugin is broken.

ikedam added a comment - 2020-05-23 00:57

Fixed as SECURITY-988, copyartifact-1.44

ikedam added a comment - 2020-05-23 00:57 Fixed as SECURITY-988, copyartifact-1.44

Assignee:: ikedam

Reporter:: ikedam

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2015-05-06 04:01

Updated:: 2020-05-23 00:57

Resolved:: 2020-05-23 00:57