Description
In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/10/08/5
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1846
Related Vulnerabilities
CVE-2023-41046 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2019-15782 Vulnerability in maven package org.webjars.npm:webtorrent
CVE-2017-16171 Vulnerability in npm package hcbserver
CVE-2017-12197 Vulnerability in maven package org.kohsuke:libpam4j
CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-imap4