CVE-2019-10367: Inclusion of Sensitive Information in Log Files

August 7, 2019 (updated October 9, 2019)

Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin does not properly apply masking to some values expected to be hidden when logging the configuration being applied.

References

jenkins.io/security/advisory/2019-08-07/
nvd.nist.gov/vuln/detail/CVE-2019-10367

Detect and mitigate CVE-2019-10367 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →