CVE-2018-1000153: Cross-Site Request Forgery (CSRF)

April 5, 2018 (updated May 15, 2018)

A cross-site request forgery vulnerability exists in Jenkins vSphere that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (test connection).

References

jenkins.io/security/advisory/2018-03-26/
nvd.nist.gov/vuln/detail/CVE-2018-1000153

Detect and mitigate CVE-2018-1000153 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →