PT-2020-15518 · Jenkins · Jenkins Audit Trail Plugin
Wadeck Follonier · Published 2020-10-08 · Updated 2023-10-25
CVE-2020-2288
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Audit Trail Plugin versions 3.6 and earlier
Description
The Jenkins Audit Trail Plugin uses regular expressions to match requested URLs for logging purposes. The default regular expression pattern could be bypassed by adding a suffix to the URL that would be ignored during request handling.
Recommendations
For Jenkins Audit Trail Plugin versions 3.6 and earlier, update to version 3.7 or later, which changes the default regular expression pattern to allow for arbitrary suffixes and automatically replaces previous default patterns with the new one.
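The following check is an added example, not code from the plugin or from this advisory. It shows how an end-anchored pattern stops matching once a suffix is appended, and how a suffix-tolerant pattern closes that gap, which is useful when reviewing a customized pattern. The patterns, URLs and suffixes are constructed for illustration (they are not the plugin's shipped defaults), and full-match semantics are assumed.

```python
import re

# Constructed, simplified patterns for illustration; not the plugin's shipped defaults.
END_ANCHORED = r".*/(?:configSubmit|doDelete|createItem)"
SUFFIX_TOLERANT = r".*/(?:configSubmit|doDelete|createItem)/?.*"

# Constructed URLs that the audit pattern is expected to cover.
AUDITED_URLS = [
    "/job/build-app/configSubmit",
    "/job/build-app/doDelete",
    "/createItem",
]
# Constructed suffixes standing in for "a suffix ignored during request handling".
SUFFIXES = ["/", "/ignored"]


def is_logged(pattern: str, url: str) -> bool:
    """Assumption: a request is logged only if the whole URL matches the pattern."""
    return re.fullmatch(pattern, url) is not None


def suffix_gaps(pattern: str, urls=AUDITED_URLS, suffixes=SUFFIXES):
    """Return (url, suffix) pairs where the bare URL is logged but the suffixed URL is not."""
    gaps = []
    for url in urls:
        if not is_logged(pattern, url):
            continue  # the pattern never covered this URL, so it is not a suffix gap
        for suffix in suffixes:
            if not is_logged(pattern, url + suffix):
                gaps.append((url, suffix))
    return gaps


if __name__ == "__main__":
    candidates = [("end-anchored", END_ANCHORED), ("suffix-tolerant", SUFFIX_TOLERANT)]
    for name, pattern in candidates:
        gaps = suffix_gaps(pattern)
        print(f"{name}: {len(gaps)} logging gap(s)")
        for url, suffix in gaps:
            print(f"  not logged: {url}{suffix}")
```

To review a real configuration, pass the pattern from the plugin settings and a list of the URLs you expect to be audited to `suffix_gaps`.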
Affected Products
Jenkins
Jenkins Audit Trail Plugin