Description

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

Remediation

References

CVE-2020-2160

Related Vulnerabilities

Artifactory Incorrect Default Permissions Vulnerability (CVE-2021-46270)

MySQL CVE-2014-6496 Vulnerability (CVE-2014-6496)

IBM RTC Files or Directories Accessible to External Parties Vulnerability (CVE-2017-1602)

Apache HTTP Server Other Vulnerability (CVE-2002-2029)

Cherokee Out-of-bounds Write Vulnerability (CVE-2019-20800)

Severity

High

Classification

CVE-2020-2160 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities