Description
Jenkins 2.227 and earlier, and LTS 2.204.5 and earlier, use different representations of request URL paths, which allows attackers to craft URLs that bypass CSRF protection for any target URL.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/25/2
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774