Description

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/10/08/5

https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815

Related Vulnerabilities

CVE-2022-25350 Vulnerability in npm package puppet-facter

CVE-2022-2191 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2022-42496 Vulnerability in npm package nadesiko3

CVE-2021-23354 Vulnerability in npm package printf

CVE-2016-8746 Vulnerability in maven package org.apache.ranger:ranger

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Third Party Advisory Vendor Advisory NVD-CWE-noinfo