CVE-2020-2160

CVE-2020-2160

EPSS 2.0%

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

Affected products

Jenkins project · Jenkins

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774 http://www.openwall.com/lists/oss-security/2020/03/25/2