Description

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

Remediation

References

CVE-2020-2160

Related Vulnerabilities

Seo Panel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-28417)

MySQL CVE-2022-21460 Vulnerability (CVE-2022-21460)

WordPress Plugin WP ERP-Complete WordPress Business Manager with HR, CRM & Accounting Systems for Small Businesses Cross-Site Request Forgery (1.7.4)

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6208)

WordPress Plugin Import any XML or CSV File to WordPress Arbitrary File Upload (3.2.3)

Severity

High

Classification

CVE-2020-2160 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities