Moderate severity · NVD Advisory · Published Oct 8, 2020 · Updated Aug 4, 2024
CVE-2020-2287
Description
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:audit-trail (Maven) | < 3.7 | 3.7 |
Affected products
- Range: unspecified
References
- github.com/advisories/GHSA-rpj6-2q8r-98f8 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-2287 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2020/10/08/5 (ghsa, mailing-list, x_refsource_MLIST, WEB)
- github.com/jenkinsci/audit-trail-plugin/commit/329c6090c1c444a16e95757e537b0cbb2347a9f4 (ghsa, WEB)
- www.jenkins.io/security/advisory/2020-10-08/ (ghsa, x_refsource_CONFIRM, WEB)
News mentions
- Jenkins Security Advisory 2020-10-08 (Jenkins Security Advisories · Oct 8, 2020)