CVE-2018-1999007: Cross-site Scripting
(updated )
A cross-site scripting vulnerability exists in Jenkins that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user’s browser when that other user views HTTPerror
pages while Stapler debug mode is enabled.
References
Detect and mitigate CVE-2018-1999007 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →