CVE-2017-2600: Information Exposure

May 15, 2018 (updated October 9, 2019)

In Jenkins, monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes.

References

www.securityfocus.com/bid/95954
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600
jenkins.io/security/advisory/2017-02-01/
nvd.nist.gov/vuln/detail/CVE-2017-2600

Detect and mitigate CVE-2017-2600 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →