CVE-2020-2287
published 2020-10-08

Severity: medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 1.16% (63.1th percentile)

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_choices_plugin | | |
| jenkins | audit_trail_plugin | | |
| jenkins | incorrect_default_pattern_in_audit_trail_plugin | | |
| jenkins | maven_cascade_release_plugin | | |
| jenkins | nerrvana_plugin | | |
| jenkins | persona_plugin | | |
| jenkins | release_plugin | | |
| jenkins | request_logging_could_be_bypassed_in_audit_trail_plugin | | |
| jenkins | role-based_authorization_strategy_plugin | | |
| jenkins | shared_objects_plugin | | |
| jenkins | sms_notification_plugin | | |
| jenkins_project | jenkins_audit_trail_plugin | unspecified – 3.6 | |

CVSS provenance

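| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| cvelistv5 | | 5.3 | MEDIUM | |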