CVE-2019-10436: Information Exposure

October 16, 2019 (updated October 21, 2019)

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials allows attackers, who are able to configure jobs and credentials in Jenkins, to obtain the contents of any file on the Jenkins master.

References

jenkins.io/security/advisory/2019-10-16/
nvd.nist.gov/vuln/detail/CVE-2019-10436

Detect and mitigate CVE-2019-10436 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →