CVE-2020-2287: Improper Interaction Between Multiple Correctly-Behaving Entities

October 8, 2020 (updated October 16, 2020)

Jenkins Audit Trail Plugin applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

References

nvd.nist.gov/vuln/detail/CVE-2020-2287
www.jenkins.io/security/advisory/2020-10-08/

Detect and mitigate CVE-2020-2287 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →