CVE-2019-1003011: Improper Input Validation

February 6, 2019 (updated October 9, 2019)

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin which allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.

References

jenkins.io/security/advisory/2019-01-28/
nvd.nist.gov/vuln/detail/CVE-2019-1003011

Code Behaviors & Features

Detect and mitigate CVE-2019-1003011 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →