CVE-2018-1000607: Improper Input Validation
A vulnerability exists in the Jenkins Fortify CloudScan Plugin that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as.
Detect and mitigate CVE-2018-1000607 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.