CVE-2018-1000190

Published: Jun 5, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected (1)

Products: Jenkins: Black Duck Hub

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Black Duck Hub	Up to 4.0.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://jenkins.io/security/advisory/2018-06-04/#SECURITY-865

Source: cve@mitre.org

Vendor Advisory

https://jenkins.io/security/advisory/2018-06-04/#SECURITY-865

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.