Description
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/10/08/5
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815
Related Vulnerabilities
CVE-2015-9242 Vulnerability in maven package org.webjars.npm:ecstatic
CVE-2021-3803 Vulnerability in npm package nth-check
CVE-2019-11405 Vulnerability in maven package org.openapitools:openapi-generator-project
CVE-2021-21193 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-26156 Vulnerability in maven package org.webjars.npm:chromedriver