CVE-2018-1999038: Unintended Proxy or Intermediary (Confused Deputy)

August 1, 2018 (updated October 15, 2018)

A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.

References

jenkins.io/security/advisory/2018-07-30/
nvd.nist.gov/vuln/detail/CVE-2018-1999038

Detect and mitigate CVE-2018-1999038 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →