BIT-jenkins-2020-2160

Import Source

https://github.com/bitnami/vulndb/tree/main/data/jenkins/BIT-jenkins-2020-2160.json

Aliases

CVE-2020-2160
GHSA-c735-g9f2-2mvp

Published

2024-03-06T11:06:01.677Z

Modified

2024-03-06T11:25:28.861Z

Details

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

References

http://www.openwall.com/lists/oss-security/2020/03/25/2
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774

Affected packages

Bitnami / jenkins

Package

Name: jenkins

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.204.5

Introduced

0The exact introduced commit is unknown

Fixed

2.227.0