Description
In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/10/08/5
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1846
Related Vulnerabilities
CVE-2018-20677 Vulnerability in maven package org.webjars:bootstrap-sass
CVE-2018-10054 Vulnerability in maven package com.h2database:h2
CVE-2016-4464 Vulnerability in maven package org.apache.cxf.fediz:fediz-core
CVE-2023-45884 Vulnerability in npm package openmct
CVE-2022-36888 Vulnerability in maven package com.datapipe.jenkins.plugins:hashicorp-vault-plugin