1. CVE-Search
  2. CVE-2020-2288
ID CVE-2020-2288
Summary In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:audit_trail:-:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:-:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:1.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:1.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:1.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:1.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:1.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:1.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:1.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:1.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:1.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:1.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:2.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:2.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:2.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:2.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:2.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:2.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:2.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:2.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:2.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:2.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:3.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:3.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:3.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:3.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:3.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:audit_trail:3.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:audit_trail:3.6:*:*:*:*:jenkins:*:*
CVSS
Base: 5.0 (as of 25-10-2023 - 18:16)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
confirm https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1846
mlist [oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins
Last major update 25-10-2023 - 18:16
Published 08-10-2020 - 13:15
Last modified 25-10-2023 - 18:16
Back to Top