CVE-2020-2287

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-2287
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2287.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-2287
Aliases
Published
2020-10-08T13:15:11Z
Modified
2024-10-12T06:21:01.994269Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

References

Affected packages

Git / github.com/jenkinsci/audit-trail-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/audit-trail-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

audit-trail-1.*

audit-trail-1.5
audit-trail-1.6
audit-trail-1.7
audit-trail-1.8

audit-trail-2.*

audit-trail-2.0
audit-trail-2.1
audit-trail-2.2
audit-trail-2.3
audit-trail-2.4
audit-trail-2.5
audit-trail-2.6

audit-trail-3.*

audit-trail-3.0
audit-trail-3.1
audit-trail-3.2
audit-trail-3.3
audit-trail-3.4
audit-trail-3.5
audit-trail-3.6

Other

untagged-a8c88dd4efbbeeac7445