CVE-2017-1000399: Information Exposure
(updated )
The Jenkins remote API at /queue/item/(ID)/api
showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access.
References
Detect and mitigate CVE-2017-1000399 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →