Medium severity6.5NVD Advisory· Published Sep 16, 2020· Updated Jun 17, 2026
CVE-2020-2275
CVE-2020-2275
Description
Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jvnet.hudson.plugins:copy-data-to-workspace-pluginMaven | <= 1.0 | — |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2020/09/16/3nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-2f4c-8rp6-fh6qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-2275ghsaADVISORY
- www.jenkins.io/security/advisory/2020-09-16/nvdVendor AdvisoryWEB
News mentions
1- Jenkins Security Advisory 2020-09-16Jenkins Security Advisories · Sep 16, 2020