CVE-2020-2160

CVSS v3.1 8.8 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.08 % (34^th)

Affected Products 1

Advisories 4

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

Weaknesses

CWE-352: Cross-Site Request Forgery (CSRF)

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2020-03-25 17:15:14
(4 years ago)
Updated Date: 2023-10-25 18:16:33
(10 months ago)

Affected Products

Jenkins

Jenkins

Configuration #1

		CPE23	From	Up To
	Jenkins 2.204.5 and prior versions	cpe:2.3:a:jenkins:jenkins::::*:lts		<= 2.204.5
	Jenkins 2.227 and prior versions	cpe:2.3:a:jenkins:jenkins::::*:-		<= 2.227