CVE-2018-1999007: Cross-site Scripting

July 23, 2018 (updated September 19, 2018)

A cross-site scripting vulnerability exists in Jenkins that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user’s browser when that other user views HTTPerror pages while Stapler debug mode is enabled.

References

jenkins.io/security/advisory/2018-07-18/
nvd.nist.gov/vuln/detail/CVE-2018-1999007

Code Behaviors & Features

Detect and mitigate CVE-2018-1999007 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →