CVE-2020-2160
published 2020-03-25


CVSS 3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.99% (78.2th percentile)
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

Affected

13 ranges

Vendor           Product                                                 Version range          Fixed in
jenkins          artifactory_plugin
jenkins          aws_steps_plugin
jenkins          azure_container_service_plugin
jenkins          jenkins_core
jenkins          jenkins_lts
jenkins          jenkins_weekly
jenkins          openshift_pipeline_plugin
jenkins          queue_cleanup_plugin
jenkins          rapiddeploy_plugin
jenkins          yaml_input_files_to_azure_container_service_plugin
jenkins          yaml_input_files_to_openshift_pipeline_plugin
jenkins_project  jenkins                                                 unspecified – 2.227
jenkins_project  jenkins                                                 unspecified – LTS 2.204.5

CVSS provenance

Source         CVSS version  Score  Severity  Vector
nvd            v3.1          8.8    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd            v2.0          6.8    MEDIUM    AV:N/AC:M/Au:N/C:P/I:P/A:P
cvelistv5                    8.8    HIGH
vendor_redhat                8.8    HIGH