CVE-2020-2160
Published 2020-03-25
CVSS 3.1: 8.8 HIGH (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 1.99% (78.2th percentile)
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier use different representations of request URL paths, which allows attackers to craft URLs that bypass CSRF protection of any target URL.
Affected (13 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | artifactory_plugin | — | — |
| jenkins | aws_steps_plugin | — | — |
| jenkins | azure_container_service_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | openshift_pipeline_plugin | — | — |
| jenkins | queue_cleanup_plugin | — | — |
| jenkins | rapiddeploy_plugin | — | — |
| jenkins | yaml_input_files_to_azure_container_service_plugin | — | — |
| jenkins | yaml_input_files_to_openshift_pipeline_plugin | — | — |
| jenkins_project | jenkins | unspecified – 2.227 | — |
| jenkins_project | jenkins | unspecified – LTS 2.204.5 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| cvelistv5 | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |
Jenkins
Jenkins Security Advisory 2020-03-25 (vendor_jenkins · 2020-03-25 · CVSS 8.8 · HIGH)
This advisory announces vulnerabilities in the following Jenkins deliverables:
- Jenkins (core)
- Artifactory Plugin
- Azure Container Service Plugin
- OpenShift Pipeline Plugin
- Pipeline: AWS Steps Plugin
- Queue cleanup Plugin
- RapidDeploy Plugin
Descrip
Red Hat
jenkins: CSRF protection bypass via crafted URLs (vendor_redhat · 2020-03-25 · CVSS 8.8 · HIGH · CWE-352)
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier use different representations of request URL paths, which allows attackers to craft URLs that bypass CSRF protection of any target URL.
OSV
Cross-Site Request Forgery in Jenkins (osv · 2022-05-24 · HIGH)
An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs.
Implementations of that extension point received a different representation of the URL path than the Stapler web framework uses to dispatch requests in Jenkins 2.227 and earlier, LTS 2.204.5 and earlier. This discrepancy allowed attackers to craft URLs that would bypass the CSRF protection of any target URL.
Jenkins now uses the same representation of the URL path to decide whether CSRF protection is needed for a given URL as the Stapler web framework uses.
In case of problems, administrators can disable this security fix by setting the system property `hudson.security.csrf.CrumbFilter.UNPROCESSED_PATHINFO` to `true`.
As an ad
GHSA
Cross-Site Request Forgery in Jenkins (ghsa · 2022-05-24 · HIGH · CWE-352)
CVEList
CVE-2020-2160: Jenkins 2 (cvelistv5 · 2020-03-25 · CVSS 8.8 · HIGH)
No detection rules found.
No public exploits indexed.
Published: 2020-03-25