Description
Jenkins 2.227 and earlier, and LTS 2.204.5 and earlier, use different representations of request URL paths, which allows attackers to craft URLs that bypass CSRF protection for any target URL.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/25/2
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774
Related Vulnerabilities
CVE-2020-28469 Vulnerability in maven package org.webjars.npm:glob-parent
CVE-2020-8910 Vulnerability in maven package org.webjars.npm:google-closure-library
CVE-2022-31172 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable
CVE-2022-36881 Vulnerability in maven package org.jenkins-ci.plugins:git-client
CVE-2022-41253 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt