PT-2018-9366 · Jenkins · Jenkins Black Duck Hub Plugin+1

Daniel Beck

Published

2018-06-05

Updated

2022-05-13

CVE-2018-1000197

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Black Duck Hub Plugin versions 3.0.3 and older

Description An improper authorization issue exists in the PostBuildScanDescriptor.java file, allowing users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.

Recommendations For Jenkins Black Duck Hub Plugin versions 3.0.3 and older, update to a version newer than 3.0.3 to resolve the issue.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2018-1000197

GHSA-CRVQ-MW2W-4CFX

Affected Products

Jenkins

Jenkins Black Duck Hub Plugin

PT-2018-9366 · Jenkins · Jenkins Black Duck Hub Plugin+1

CVE-2018-1000197

Weakness Enumeration

Related Identifiers

Affected Products

References · 4