CVE-2019-10246: Information Exposure

April 22, 2019 (updated October 9, 2019)

In Eclipse Jetty, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.

References

bugs.eclipse.org/bugs/show_bug.cgi?id=546576
nvd.nist.gov/vuln/detail/CVE-2019-10246

Code Behaviors & Features

Detect and mitigate CVE-2019-10246 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →