CVE-2019-10365: Exposure of Resource to Wrong Sphere

May 24, 2022 (updated March 3, 2023)

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.

References

www.openwall.com/lists/oss-security/2019/07/31/1
github.com/advisories/GHSA-xw4c-9434-3f7p
jenkins.io/security/advisory/2019-07-31/
nvd.nist.gov/vuln/detail/CVE-2019-10365

Detect and mitigate CVE-2019-10365 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →