Improper Interaction Between Multiple Correctly-Behaving Entities

CVE-2020-2287

Medium

5.3/10

Summary

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-435 - Improper Interaction Between Multiple Correctly-Behaving Entities

An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.

References

Advisory
Advisory
Mail Thread

Advisory Timeline

Published Oct 08, 2020

Improper Interaction Between Multiple Correctly-Behaving Entities

CVE-2020-2287

Summary

CWE-435 - Improper Interaction Between Multiple Correctly-Behaving Entities

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS