Description

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/10/08/5

https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815

Related Vulnerabilities

CVE-2022-29249 Vulnerability in maven package io.github.javaezlib:javaez

CVE-2021-39194 Vulnerability in maven package com.charleskorn.kaml:kaml

CVE-2021-32696 Vulnerability in npm package striptags

CVE-2020-36049 Vulnerability in maven package org.webjars.npm:socket.io-parser

CVE-2020-26296 Vulnerability in maven package org.webjars.bowergithub.vega:vega

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Third Party Advisory Vendor Advisory NVD-CWE-noinfo