CVE-2020-2160: Cross-Site Request Forgery (CSRF)

March 25, 2020 (updated March 30, 2020)

Jenkins uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

References

jenkins.io/security/advisory/2020-03-25/
nvd.nist.gov/vuln/detail/CVE-2020-2160

Code Behaviors & Features

Detect and mitigate CVE-2020-2160 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →