CVE-2019-10362: Improper Input Validation

July 31, 2019 (updated October 9, 2019)

Jenkins Configuration as Code Plugin does not not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables.

References

jenkins.io/security/advisory/2019-07-31/
nvd.nist.gov/vuln/detail/CVE-2019-10362

Code Behaviors & Features

Detect and mitigate CVE-2019-10362 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →