Maven package
org.jenkins-ci.plugins/audit-trail
pkg:maven/org.jenkins-ci.plugins/audit-trail
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-2288 | — | | | < 3.7 | 3.7 | Oct 8, 2020 | In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling. |
| CVE-2020-2287 | — | | | < 3.7 | 3.7 | Oct 8, 2020 | Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL. |
| CVE-2020-2140 | — | | | < 3.3 | 3.3 | Mar 9, 2020 | Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. |