CVE-2018-1999002: Improper Input Validation

July 23, 2018 (updated March 5, 2019)

An arbitrary file read vulnerability exists in Jenkins, Stapler allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

References

jenkins.io/security/advisory/2018-07-18/
nvd.nist.gov/vuln/detail/CVE-2018-1999002
www.exploit-db.com/exploits/46453/

Code Behaviors & Features

Detect and mitigate CVE-2018-1999002 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →