Lucene search

MitreCVE-2018-1000197

HistoryJun 05, 2018 - 9:29 p.m.

CVE-2018-1000197

2018-06-0521:29:00

CWE-863

mitre

web.nvd.nist.gov

cve

2018

1000197

jenkins

black duck hub plugin

vulnerability

authorization

nvd

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.

Affected configurations

Nvd

Node

jenkinsblack_duck_hubRange≤3.0.3jenkins

VendorProductVersionCPE
jenkinsblack_duck_hub*cpe:2.3:a:jenkins:black_duck_hub:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	black_duck_hub	*	cpe:2.3:a:jenkins:black_duck_hub::::::jenkins::*

References

jenkins.io/security/advisory/2018-05-09/#SECURITY-670

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for CVE-2018-1000197