Description

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/10/08/5

https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815

Related Vulnerabilities

CVE-2019-10777 Vulnerability in npm package aws-lambda

CVE-2020-10693 Vulnerability in maven package org.hibernate:hibernate-validator

CVE-2018-20059 Vulnerability in maven package ro.pippo:pippo-jaxb

CVE-2020-8298 Vulnerability in npm package fs-path

CVE-2016-8741 Vulnerability in maven package org.apache.qpid:qpid-broker-core

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Third Party Advisory Vendor Advisory NVD-CWE-noinfo