Cross-site request forgery (CSRF)
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL...
PT-2020-2655 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions:
Jenkins versions 2.227 and earlier
Jenkins LTS versions 2.204.5 and earlier

Description: The issue is related to improper processing of HTML content in list view column headers, resulting in a stored XSS vulnerability. This vulnerability can ...