CVE-2020-2287 — MEDIUM (5.3)

Q: How severe is CVE-2020-2287?

CVE-2020-2287 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-2287?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Audit Trail.

Vulnerability Description

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Jenkins	Audit Trail	<= 3.6

References

http://www.openwall.com/lists/oss-security/2020/10/08/5Third Party Advisory
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815Vendor Advisory
http://www.openwall.com/lists/oss-security/2020/10/08/5Third Party Advisory
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815Vendor Advisory

FAQ

What is CVE-2020-2287?

CVE-2020-2287 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attack...

How severe is CVE-2020-2287?

CVE-2020-2287 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-2287?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Audit Trail.