CVE-2017-1000401: Improper Input Validation
The Jenkins default form control for passwords and other secrets, <f:password/>, supports form validation. The form validation AJAX requests were sent via GET, which could result in secrets being logged to an HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files.
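The following Python script is an added example, not code from the advisory or from Jenkins. It finds access log lines where a GET form validation request carried its value in the query string, and redacts that value so existing log files can be cleaned up. The endpoint pattern (a path ending in /check<FieldName>), the plugin name in the paths and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Request part of a common/combined access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Assumption: form validation endpoints end in /check<FieldName>; adjust to your instance.
VALIDATION_PATH_RE = re.compile(r"/check[A-Z]\w*$")
REDACTED = "REDACTED"


def scrub_line(line):
    """Return (scrubbed_line, was_exposed) for one access log line."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "GET":
        return line, False
    parts = urlsplit(m.group("target"))
    if not parts.query or not VALIDATION_PATH_RE.search(parts.path):
        return line, False
    # Keep parameter names for triage, drop every value.
    params = parse_qsl(parts.query, keep_blank_values=True)
    clean_query = urlencode([(name, REDACTED) for name, _ in params])
    clean_target = parts._replace(query=clean_query).geturl()
    start, end = m.span("target")
    return line[:start] + clean_target + line[end:], True


def scrub_log(lines):
    """Scrub all lines; return (scrubbed_lines, indexes_of_exposed_lines)."""
    out, hits = [], []
    for i, line in enumerate(lines):
        scrubbed, exposed = scrub_line(line)
        out.append(scrubbed)
        if exposed:
            hits.append(i)
    return out, hits


# Constructed sample lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - alice [10/Oct/2017:13:55:36 +0000] "GET /descriptorByName/example.Plugin/checkPassword?value=s3cr3t%21 HTTP/1.1" 200 12',
    '192.0.2.10 - alice [10/Oct/2017:13:55:40 +0000] "POST /descriptorByName/example.Plugin/checkPassword HTTP/1.1" 200 12',
    '192.0.2.11 - bob [10/Oct/2017:13:56:02 +0000] "GET /job/build/api/json?depth=1 HTTP/1.1" 200 431',
]

if __name__ == "__main__":
    scrubbed, hits = scrub_log(SAMPLE_LOG)
    print("exposed lines:", hits)
    print("\n".join(scrubbed))
```

Any secret found this way should be treated as disclosed to everyone who could read the log and rotated; redaction only limits further exposure.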