CVE-2020-2160

CVE-2020-2160

EPSS 2.0%

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

Productos afectados

Jenkins project · Jenkins

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774 http://www.openwall.com/lists/oss-security/2020/03/25/2