Description
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/25/2
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774
Related Vulnerabilities
CVE-2019-14863 Vulnerability in maven package org.webjars.bower:angular
CVE-2023-30528 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth
CVE-2020-4045 Vulnerability in npm package ssb-db
CVE-2019-17570 Vulnerability in maven package org.apache.xmlrpc:xmlrpc
CVE-2020-14060 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind