Description

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/10/08/5

https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815

Related Vulnerabilities

CVE-2022-32533 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed

CVE-2019-17359 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

CVE-2020-36381 Vulnerability in npm package aaptjs

CVE-2017-16089 Vulnerability in npm package serverlyr

CVE-2017-15692 Vulnerability in maven package org.apache.geode:geode-core

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Third Party Advisory Vendor Advisory NVD-CWE-noinfo