CVE-2017-1000242: Exposure of Sensitive Information to an Unauthorized Actor

May 17, 2022 (updated June 2, 2022)

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure

References

www.securityfocus.com/bid/101940
github.com/advisories/GHSA-fcxw-hhxq-48wx
github.com/jenkinsci/git-client-plugin/commit/75ea3fe05650fc6ca09046a72493e2b3f066fb98
jenkins.io/security/advisory/2017-04-27/
nvd.nist.gov/vuln/detail/CVE-2017-1000242

Code Behaviors & Features

Detect and mitigate CVE-2017-1000242 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →