← back
CVE-2020-2287

CVE-2020-2287

EPSS 1.2%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Oct 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.
Affected products
Jenkins project · Jenkins Audit Trail Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1815http://www.openwall.com/lists/oss-security/2020/10/08/5