MEDIUM · 6.5

CVE-2020-2275

Vulnerability Description

Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Jenkins | Copy Data To Workspace | <= 1.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-2275?

CVE-2020-2275 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to ...

How severe is CVE-2020-2275?

CVE-2020-2275 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-2275?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Copy Data To Workspace.