CSRF Protection Bypass in Jenkins 2.227 and Earlier

CSRF Protection Bypass in Jenkins 2.227 and Earlier

CVE-2020-2160 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

Learn more about our Web Application Penetration Testing UK.