EPSS
Percentile
33.0%
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.
bugzilla.redhat.com/show_bug.cgi?id=1819190
jenkins.io/security/advisory/2020-03-25/#SECURITY-1774
nvd.nist.gov/vuln/detail/CVE-2020-2160
www.cve.org/CVERecord?id=CVE-2020-2160