First published: Thu Oct 08 2020(Updated: )
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.
Credit: jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Audit Trail | <=3.6 | 3.7 |
| maven/org.jenkins-ci.plugins:audit-trail | <3.7 | 3.7 |
CVE-2020-2287 is a vulnerability that affects Jenkins Audit Trail Plugin 3.6 and earlier.
The severity of CVE-2020-2287 is medium with a score of 5.3.
CVE-2020-2287 allows attackers to craft URLs that bypass request logging of any target URL in Jenkins Audit Trail Plugin 3.6 and earlier.
To fix CVE-2020-2287, you should update Jenkins Audit Trail Plugin to version 3.7 or later.
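The advisory describes a canonicalization mismatch: the audit filter matched its pattern against one representation of the request path while the dispatcher routed on another, so the two could disagree about which requests hit an audited endpoint. The check below is an added example written for this page, not code from the Audit Trail Plugin or from Stapler. It models the dispatcher's view of the path with a constructed `dispatch_path()` (assumption: strip the query string, percent-decode, collapse `.`/`..`/duplicate slashes; this is not Stapler's exact algorithm), uses a constructed audit pattern rather than the plugin's real default, and compares a filter that matches the raw URI against one that matches the same representation the dispatcher uses. `find_logging_gaps()` returns every sample request that would be dispatched to an audited endpoint without being logged; a correct filter yields an empty list.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed audit pattern in the style of a request-logging filter.
# Assumption: this is illustrative, not the plugin's real default pattern.
AUDIT_PATTERN = re.compile(r".*/(?:configSubmit|doDelete)/?.*")


def dispatch_path(raw_uri: str) -> str:
    """Stand-in for the path representation a dispatcher routes on.

    Assumption for this example: the dispatcher strips the query string,
    percent-decodes the path and collapses '.', '..' and repeated slashes.
    This models the general behaviour, not Stapler's exact algorithm.
    """
    path = raw_uri.split("?", 1)[0]
    path = unquote(path)
    return posixpath.normpath(path)


def should_log_vulnerable(raw_uri: str) -> bool:
    """Matches the audit pattern against the raw request URI.

    This is the class of defect the advisory describes: the filter and the
    dispatcher inspect different representations of the same request.
    """
    return AUDIT_PATTERN.fullmatch(raw_uri) is not None


def should_log_fixed(raw_uri: str) -> bool:
    """Matches the audit pattern against the representation the dispatcher
    uses, so the filter and the dispatcher can no longer disagree."""
    return AUDIT_PATTERN.fullmatch(dispatch_path(raw_uri)) is not None


def find_logging_gaps(raw_uris):
    """Return (raw_uri, canonical_path) for every request the dispatcher
    would route to an audited endpoint but the raw-URI matcher would not
    log. An empty list means the filter agrees with the dispatcher on
    every sample."""
    gaps = []
    for uri in raw_uris:
        routed = should_log_fixed(uri)
        logged = should_log_vulnerable(uri)
        if routed and not logged:
            gaps.append((uri, dispatch_path(uri)))
    return gaps


# Constructed sample requests for the check; none are taken from the page.
SAMPLE_REQUESTS = [
    "/job/demo/configSubmit",
    "/job/demo/config%53ubmit",
    "/job/demo/%63onfigSubmit?x=1",
    "/job/demo/build",
]

if __name__ == "__main__":
    for uri, canonical in find_logging_gaps(SAMPLE_REQUESTS):
        print(f"dispatched but not logged: {uri!r} -> {canonical!r}")
```

The property worth testing in any request-auditing filter is the one `find_logging_gaps()` encodes: the filter must see exactly the path the dispatcher routes on, so the right fix is to derive both from the same canonical value rather than to extend the regular expression with more encodings.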
You can find more information about CVE-2020-2287 at the following references:

- [Openwall](http://www.openwall.com/lists/oss-security/2020/10/08/5)
- [Jenkins Security Advisory](https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815)