Lucene search

PRIOn knowledge basePRION:CVE-2020-2160

HistoryMar 25, 2020 - 5:15 p.m.

Cross site request forgery (csrf)

2020-03-2517:15:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

CPENameOperatorVersion
jenkinsle2.204.5
jenkinsle2.227

CPE	Name	Operator	Version
	jenkins	le	2.204.5
	jenkins	le	2.227

References

www.openwall.com/lists/oss-security/2020/03/25/2

jenkins.io/security/advisory/2020-03-25/