CVE-2018-1000177: Cross-site Scripting

May 8, 2018 (updated June 13, 2018)

A cross-site scripting vulnerability in the Jenkins S3 Plugin allows attackers to define file names containing JavaScript that would be executed in another user’s browser when that user performs some UI actions.

References

jenkins.io/security/advisory/2018-04-16/
nvd.nist.gov/vuln/detail/CVE-2018-1000177

Code Behaviors & Features

Detect and mitigate CVE-2018-1000177 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →