Description

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/10/08/5

https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815

Related Vulnerabilities

CVE-2018-11093 Vulnerability in npm package @ckeditor/ckeditor5-link

CVE-2014-6393 Vulnerability in npm package express

CVE-2017-16057 Vulnerability in npm package nodemssql

CVE-2018-25031 Vulnerability in maven package org.webjars.npm:swagger-ui-dist

CVE-2022-34662 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-common

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Third Party Advisory Vendor Advisory NVD-CWE-noinfo