CVE-2020-2275

medium

Description

Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.

References

https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1966

http://www.openwall.com/lists/oss-security/2020/09/16/3

Details

Source: Mitre, NVD

Published: 2020-09-16

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N