exploitDog

CVE-2020-2287

Опубликовано: 08 окт. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

Ссылки

http://www.openwall.com/lists/oss-security/2020/10/08/5
Third Party Advisory
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815
Vendor Advisory
http://www.openwall.com/lists/oss-security/2020/10/08/5
Third Party Advisory
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:audit_trail:*:*:*:*:*:jenkins:*:*

Версия до 3.6 (включая)

EPSS

Процентиль: 21%

0.00066

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

Связанные уязвимости

GHSA-rpj6-2q8r-98f8

CVSS3: 5.3

github

почти 4 года назад

Request logging bypass in Jenkins Audit Trail Plugin

EPSS

Процентиль: 21%

0.00066

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты