CVE-2018-1999001: Improper Input Validation

July 23, 2018 (updated October 3, 2019)

An unauthorized modification of configuration vulnerability exists in Jenkins, in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory.

References

jenkins.io/security/advisory/2018-07-18/
nvd.nist.gov/vuln/detail/CVE-2018-1999001

Detect and mitigate CVE-2018-1999001 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →