17 matches found

Github Security Blog
added 2022/05/24 5:10 p.m. · 32 views

XSS vulnerability in Jenkins Audit Trail Plugin

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Audit Trail Plugin 3.3 escapes the affected part of the error message...

6.1 CVSS · 5.8 AI score · 0.44807 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/24 5:10 p.m. · 21 views

GHSA-CJ2G-WWFV-MVJH XSS vulnerability in Jenkins Audit Trail Plugin

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Audit Trail Plugin 3.3 escapes the affected part of the error message...

6.1 CVSS · 6 AI score · 0.44807 EPSS
Exploits 0 · References 5
Github Security Blog
added 2022/02/10 8:29 p.m. · 42 views

Request logging bypass in Jenkins Audit Trail Plugin

Audit Trail Plugin logs requests whose URL path matches an admin-configured regular expression. A discrepancy between the behavior of the plugin and the Stapler web framework in parsing URL paths allows attackers to craft URLs that would bypass request logging in Audit Trail Plugin 3.6 and earlie...

5.3 CVSS · 5.2 AI score · 0.00066 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/02/10 8:29 p.m. · 25 views

GHSA-RPJ6-2Q8R-98F8 Request logging bypass in Jenkins Audit Trail Plugin

Audit Trail Plugin logs requests whose URL path matches an admin-configured regular expression. A discrepancy between the behavior of the plugin and the Stapler web framework in parsing URL paths allows attackers to craft URLs that would bypass request logging in Audit Trail Plugin 3.6 and earlie...

5.3 CVSS · 5.1 AI score · 0.00066 EPSS
Exploits 0 · References 5
CNVD
added 2020/10/15 12:0 a.m. · 4 views

CloudBees Jenkins Audit Trail Plugin Resource Management Error Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Audit Trail Plugin is used in one of the audi...

5.3 CVSS · 6.9 AI score · 0.00066 EPSS
Exploits 0 · References 1
CNVD
added 2020/10/11 12:0 a.m. · 3 views

CloudBees Jenkins Role-based Authorization Strategy Plugin Privilege Obsolete Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Audit Trail Plugin is used in one of the audi...

8.8 CVSS · 6.8 AI score · 0.001 EPSS
Exploits 0 · References 1
OSV
added 2020/10/08 1:15 p.m. · 20 views

CVE-2020-2287

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

5.3 CVSS · 6.7 AI score
Exploits 0 · References 2
AlpineLinux
added 2020/10/08 12:40 p.m. · 27 views

CVE-2020-2287

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

5.3 CVSS · 4.4 AI score · 0.00066 EPSS
Exploits 0 · References 2
Cvelist
added 2020/10/08 12:40 p.m. · 15 views

CVE-2020-2287

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

5.3 AI score · 0.00066 EPSS
Exploits 0 · References 2
Cvelist
added 2020/10/08 12:40 p.m. · 20 views

CVE-2020-2288

In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling...

5.1 AI score · 0.00066 EPSS
Exploits 0 · References 2
CVE
added 2020/10/08 12:40 p.m. · 80 views

CVE-2020-2287

CVE-2020-2287 affects the Jenkins Audit Trail Plugin (versions 3.6 and earlier). The vulnerability arises from how the plugin parses URL paths, using a different representation than the Stapler web framework, which can let an attacker craft URLs that bypass request logging for any target URL. The...

5.3 CVSS · 5.2 AI score · 0.00066 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2020/10/08 12:40 p.m. · 74 views

CVE-2020-2288

Jenkins Audit Trail Plugin (versions ≤ 3.6) contains a flaw where the default regular expression used to match URLs can be bypassed by appending arbitrary suffixes to requests, causing those requests to be ignored during handling. The issue is addressed in 3.7 and later; upgrading to 3.7+ is reco...

5.3 CVSS · 5.1 AI score · 0.00066 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2020/10/08 12:0 a.m. · 7 views

PT-2020-15517 · Jenkins · Stapler +2

Name of the Vulnerable Software and Affected Versions: Jenkins Audit Trail Plugin versions 3.6 and earlier

Description: The issue arises from a discrepancy in how the Audit Trail Plugin and the Stapler web framework parse URL paths, allowing attackers to craft URLs that bypass request logging. Th...

5.3 CVSS · 5.1 AI score · 0.00066 EPSS
Exploits 0 · References 7
Positive Technologies
added 2020/10/08 12:0 a.m. · 3 views

PT-2020-15518 · Jenkins · Jenkins Audit Trail Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Audit Trail Plugin versions 3.6 and earlier

Description: The default regular expression pattern in the Jenkins Audit Trail Plugin could be bypassed by adding a suffix to the URL that would be ignored during request handling. This issu...

5.3 CVSS · 5.2 AI score · 0.00066 EPSS
Exploits 0 · References 7
OSV
added 2020/03/09 4:15 p.m. · 14 views

CVE-2020-2140

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability...

6.1 CVSS · 6.1 AI score
Exploits 0 · References 2
CVE
added 2020/03/09 3:0 p.m. · 118 views

CVE-2020-2140

CVE-2020-2140 affects Jenkins Audit Trail Plugin (versions 3.2 and earlier). The vulnerability is a reflected cross-site scripting due to improper escaping in the URL Patterns field form validation. Exploitation could allow injection of malicious scripts via the error message. The issue is docume...

6.1 CVSS · 6 AI score · 0.44807 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/03/09 3:0 p.m. · 27 views

CVE-2020-2140

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability...

6 AI score · 0.44807 EPSS
Exploits 0 · References 2