CVE-2017-1000398: Information Exposure

January 26, 2018 (updated May 8, 2019)

The remote API in Jenkins shows information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g., due to lack of Item/Read permission.

References

jenkins.io/security/advisory/2017-10-11/
nvd.nist.gov/vuln/detail/CVE-2017-1000398

Detect and mitigate CVE-2017-1000398 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →