CVE-2020-2160
Description
Jenkins 2.227 and earlier, and LTS 2.204.5 and earlier, use different representations of request URL paths, which allows attackers to craft URLs that bypass CSRF protection for any target URL.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.197
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-2160,CVE-2020-2161,CVE-2020-2162,CVE-2020-2163 affect Jenkins 2.227 | Windows |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160 are fixed in Jenkins-Core 2.204.6 | Windows |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core 204 | Windows |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core 222 | Windows |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core 2.228 | Windows |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160 are fixed in Jenkins-Core for Linux 2.204.6 | Linux |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core for Linux 204 | Linux |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core for Linux 222 | Linux |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core for Linux 2.228 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234