CVE-2020-2160

2021-08-1511:34:50

redhat.com

access.redhat.com

jenkins

csrf

bypass

EPSS

0.001

Percentile

33.0%

JSON

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

References

bugzilla.redhat.com/show_bug.cgi?id=1819190

jenkins.io/security/advisory/2020-03-25/#SECURITY-1774

nvd.nist.gov/vuln/detail/CVE-2020-2160

CVE-2020-2160

References

Related