Description
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.
Remediation
References
Related Vulnerabilities
Python Untrusted Search Path Vulnerability (CVE-2008-5983)
MySQL CVE-2013-5770 Vulnerability (CVE-2013-5770)
MySQL CVE-2021-2009 Vulnerability (CVE-2021-2009)
CKEditor Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-26271)
WordPress Plugin Eventify-Simple Events 'fetcheventdetails.php' SQL Injection (1.7.f)