CVE-2020-2287

CVSS v3.1 5.3 (Medium)

CVSS v2.0 5 (Medium)

EPSS 0.08 % (37^th)

Affected Products 1

Advisories 2

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2020-10-08 13:15:11
(4 years ago)
Updated Date: 2023-10-25 18:16:41
(10 months ago)

Affected Products

Jenkins

Audit Trail

Configuration #1

		CPE23	From	Up To
	Jenkins Audit Trail for Jenkins 3.6 and prior versions	cpe:2.3:a:jenkins:audit_trail::::::jenkins		<= 3.6