Description
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.
Remediation
References
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774
http://www.openwall.com/lists/oss-security/2020/03/25/2
Related Vulnerabilities
CVE-2022-41937 Vulnerability in maven package org.xwiki.platform:xwiki-platform-filter-ui
CVE-2014-3656 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-vertx-http
CVE-2020-6467 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-32313 Vulnerability in maven package org.webjars.npm:vm2