CVE-2020-2287

Improper Interaction Between Multiple Correctly-Behaving Entities in maven/org.jenkins-ci.plugins/audit-trail

Identifiers

CVE-2020-2287

Package Slug

maven/org.jenkins-ci.plugins/audit-trail

Vulnerability

Improper Interaction Between Multiple Correctly-Behaving Entities

Description

Jenkins Audit Trail Plugin applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

Affected Versions

All versions up to 3.6

Solution

Upgrade to version 3.7 or above.

Last Modified

2020-10-22

source