Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-28247

Can bypass permission check of CopyArtifact with WorkflowJob

    XMLWordPrintable

Details

    Description

      The permission check of copyartifact doesn't work with workflow:

      • Copyartifact performs runtime permission check only when the project name is specified with variables.
        • Variables in workflow jobs are resolved before passed to builders.
        • Even if variable expression is passed to builders, builder cannot resolve that variables (see JENKINS-26694)
      • Configuration-time permission check doesn't performed as it performs only when triggered via stapler.

      Attachments

        Issue Links

          Activity

            ikedam ikedam created issue -
            ikedam ikedam made changes -
            Field Original Value New Value
            Link This issue is related to JENKINS-24888 [ JENKINS-24888 ]
            ikedam ikedam made changes -
            Link This issue is related to JENKINS-23475 [ JENKINS-23475 ]
            jglick Jesse Glick made changes -
            Labels workflow
            jglick Jesse Glick added a comment -

            Is this not just a duplicate of JENKINS-24888? The existing permission model in the plugin is broken.

            jglick Jesse Glick added a comment - Is this not just a duplicate of JENKINS-24888 ? The existing permission model in the plugin is broken.
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 163078 ] JNJira + In-Review [ 181086 ]
            abayer Andrew Bayer made changes -
            Labels workflow pipeline workflow
            abayer Andrew Bayer made changes -
            Labels pipeline workflow pipeline
            ikedam ikedam added a comment -

            Fixed as SECURITY-988, copyartifact-1.44

            ikedam ikedam added a comment - Fixed as SECURITY-988, copyartifact-1.44
            ikedam ikedam made changes -
            Link This issue relates to SECURITY-988 [ SECURITY-988 ]
            ikedam ikedam made changes -
            Released As https://github.com/jenkinsci/copyartifact-plugin/blob/master/CHANGELOG.adoc#144
            Assignee ikedam [ ikedam ]
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Fixed but Unreleased [ 10203 ]
            ikedam ikedam made changes -
            Status Fixed but Unreleased [ 10203 ] Closed [ 6 ]

            People

              ikedam ikedam
              ikedam ikedam
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: