Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.
{ "severity": "High", "cpes": [ "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*" ] }