CVE-2018-1000152: Incorrect Authorization

April 5, 2018 (updated October 3, 2019)

An improper authorization vulnerability exists in the Jenkins vSphere Plugin that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (test connection).

References

jenkins.io/security/advisory/2018-03-26/
nvd.nist.gov/vuln/detail/CVE-2018-1000152

Detect and mitigate CVE-2018-1000152 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →