Black Duck Hub

black_duck_hub

Vendor: Jenkins • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-1000198 1Jenkins 1Black Duck Hub Nov 21, 2024 Jun 5, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eterna...Show more A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.Show less
CVE-2018-1000197 1Jenkins 1Black Duck Hub Nov 21, 2024 Jun 5, 2018 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin c...Show more An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.Show less
CVE-2018-1000190 1Jenkins 1Black Duck Hub Nov 21, 2024 Jun 5, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified...Show more A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less