Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-2160)

Description

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

Remediation

References

CVE-2020-2160

Related Vulnerabilities

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4898)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-6414)

WordPress Plugin Simple:Press 'sf-header-forum.php' SQL Injection (4.3.0)

WordPress Plugin Adminer Multiple Cross-Site Scripting Vulnerabilities (1.4.3)

WordPress Plugin Slider Revolution Responsive Arbitrary File Upload (3.0.95)

Severity

High

Classification

CVE-2020-2160 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H