CVE-2020-2160

Summary

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkinsunspecified <= 2.227affected
Jenkins projectJenkinsunspecified <= LTS 2.204.5affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References