CVE-2018-1000068: Improper Input Validation

February 16, 2018 (updated March 15, 2018)

An improper input validation vulnerability in Jenkins allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.

References

www.securityfocus.com/bid/103101
jenkins.io/security/advisory/2018-02-14/
nvd.nist.gov/vuln/detail/CVE-2018-1000068

Detect and mitigate CVE-2018-1000068 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →