CVE-2018-1000144: Cross-site Scripting

April 5, 2018 (updated May 15, 2018)

A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users.

References

jenkins.io/security/advisory/2018-03-26/
nvd.nist.gov/vuln/detail/CVE-2018-1000144

Detect and mitigate CVE-2018-1000144 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →