Vulnerability Details CVE-2020-2287
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.1%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2020-2287
-
cpe:2.3:a:jenkins:audit_trail:-
-
cpe:2.3:a:jenkins:audit_trail:1.0
-
cpe:2.3:a:jenkins:audit_trail:1.1
-
cpe:2.3:a:jenkins:audit_trail:1.2
-
cpe:2.3:a:jenkins:audit_trail:1.3
-
cpe:2.3:a:jenkins:audit_trail:1.4
-
cpe:2.3:a:jenkins:audit_trail:1.5
-
cpe:2.3:a:jenkins:audit_trail:1.6
-
cpe:2.3:a:jenkins:audit_trail:1.7
-
cpe:2.3:a:jenkins:audit_trail:1.8
-
cpe:2.3:a:jenkins:audit_trail:2.0
-
cpe:2.3:a:jenkins:audit_trail:2.1
-
cpe:2.3:a:jenkins:audit_trail:2.2
-
cpe:2.3:a:jenkins:audit_trail:2.3
-
cpe:2.3:a:jenkins:audit_trail:2.4
-
cpe:2.3:a:jenkins:audit_trail:2.5
-
cpe:2.3:a:jenkins:audit_trail:2.6
-
cpe:2.3:a:jenkins:audit_trail:3.0
-
cpe:2.3:a:jenkins:audit_trail:3.1
-
cpe:2.3:a:jenkins:audit_trail:3.2
-
cpe:2.3:a:jenkins:audit_trail:3.3
-
cpe:2.3:a:jenkins:audit_trail:3.4
-
cpe:2.3:a:jenkins:audit_trail:3.5
-
cpe:2.3:a:jenkins:audit_trail:3.6