CVE-2020-2288

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-2288

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2288.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-2288

Aliases

GHSA-7v9p-34r2-q668

Published

2020-10-08T13:15:11.487Z

Modified

2025-11-20T11:21:00.366825Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.

References

Affected packages

Git / github.com/jenkinsci/audit-trail-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/audit-trail-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

47409f534d0f7ccad3d8ca3d5e513197115f46f2

Affected versions

audit-trail-1.*

audit-trail-1.5

audit-trail-1.6

audit-trail-1.7

audit-trail-1.8

audit-trail-2.*

audit-trail-2.0

audit-trail-2.1

audit-trail-2.2

audit-trail-2.3

audit-trail-2.4

audit-trail-2.5

audit-trail-2.6

audit-trail-3.*

audit-trail-3.0

audit-trail-3.1

audit-trail-3.2

audit-trail-3.3

audit-trail-3.4

audit-trail-3.5

audit-trail-3.6

Other

untagged-a8c88dd4efbbeeac7445

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2288.json"