Description
Jenkins 2.227 and earlier, and LTS 2.204.5 and earlier, use different representations of request URL paths, which allows attackers to craft URLs that bypass CSRF protection of any target URL.
Remediation
References