CVE-2020-2160
HIGH8.8EPSS 0.21%Cross-Site Request Forgery in Jenkins
發布日:2022/5/24修改日:2025/4/3
描述
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.
受影響套件(2)
- Bitnami/jenkinsfrom 0, < 2.227.1
- Maven/org.jenkins-ci.main:jenkins-corefrom 0, < 2.204.6
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-2160
- PATCHhttps://github.com/jenkinsci/jenkins
- WEBhttps://github.com/jenkinsci/jenkins/commit/f479652171f4ab854747de64b22bf59adb35fb8f
- WEBhttps://github.com/jenkinsci/jenkins/commit/f7cf28355973df1ca6eb19066370bf70b10742f7
- WEBhttps://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774
- WEBhttp://www.openwall.com/lists/oss-security/2020/03/25/2