CVE-2019-10320: File and Directory Information Exposure

May 21, 2019 (updated June 11, 2019)

Jenkins Credentials Plugin allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

References

jenkins.io/security/advisory/2019-05-21/
nvd.nist.gov/vuln/detail/CVE-2019-10320

Code Behaviors & Features

Detect and mitigate CVE-2019-10320 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →