CVE-2018-1999033: Information Exposure

August 1, 2018 (updated November 26, 2019)

An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in the plugin configuration.

References

nvd.nist.gov/vuln/detail/CVE-2018-1999033

Detect and mitigate CVE-2018-1999033 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →