Description
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of the request URL path than the one the Stapler web framework uses to dispatch requests. This allows attackers to craft URLs that bypass request logging of any target URL.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/10/08/5
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815