CVE-2018-1000863: Path Traversal

December 10, 2018 (updated October 3, 2019)

A data modification vulnerability exists in Jenkins in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.

References

www.securityfocus.com/bid/106176
jenkins.io/security/advisory/2018-12-05/
nvd.nist.gov/vuln/detail/CVE-2018-1000863

Code Behaviors & Features

Detect and mitigate CVE-2018-1000863 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →