CVE-2017-2598: Inadequate Encryption Strength
(updated )
Jenkins uses AES ECB
block cipher mode without an IV
for encrypting secrets, which makes Jenkins and the stored secrets vulnerable to unnecessary risks.
References
Detect and mitigate CVE-2017-2598 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →