CVE-2020-2160

2020-03-2517:15:14

Google

osv.dev

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

33.0%

JSON

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

References

www.openwall.com/lists/oss-security/2020/03/25/2

jenkins.io/security/advisory/2020-03-25/#SECURITY-1774