CVE-2020-2160Cross-Site Request Forgery in Project Jenkins

CWE-352Cross-Site Request ForgeryCWE-435Improper Interaction Between Multiple Correctly-Behaving Entities6 documents6 sources
Severity
8.8HIGHCNA
No vector
EPSS
0.2%
top 58.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Project Jenkins
Timeline
PublishedMar 25
Latest updateMay 24

Description

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

Affected Packages1 packages

CVEListV5jenkins_project/jenkinsunspecified2.227+1

🔴Vulnerability Details

3
OSV
Cross-Site Request Forgery in Jenkins2022-05-24
GHSA
Cross-Site Request Forgery in Jenkins2022-05-24
CVEList
CVE-2020-2160: Jenkins 22020-03-25

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2020-03-252020-03-25
Red Hat
jenkins: CSRF protection bypass via crafted URLs2020-03-25

💬Community

1
Bugzilla
CVE-2020-2160 jenkins: CSRF protection bypass via crafted URLs2020-03-31
CVE-2020-2160 — Cross-Site Request Forgery | cvebase