CVE-2018-1000198

2018-06-0521:29:00

Google

osv.dev

0.001 Low

EPSS

Percentile

28.6%

JSON

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.

CPENameOperatorVersion
blackduck-hub-plugineq3.0.3
blackduck-hub-plugineq2.3.1
blackduck-hub-plugineqrelease/INT_HUB_JENKINS_1_5_1
blackduck-hub-plugineq3.1.0
blackduck-hub-plugineq3.0.2
blackduck-hub-plugineqrelease/INT_HUB_JENKINS_1_5_2
blackduck-hub-plugineq2.3.3
blackduck-hub-plugineq2.3.2
blackduck-hub-plugineq3.0.0
blackduck-hub-plugineq2.2.1

Name	Operator	Version
blackduck-hub-plugin	eq	3.0.3
blackduck-hub-plugin	eq	2.3.1
blackduck-hub-plugin	eq	release/INT_HUB_JENKINS_1_5_1
blackduck-hub-plugin	eq	3.1.0
blackduck-hub-plugin	eq	3.0.2
blackduck-hub-plugin	eq	release/INT_HUB_JENKINS_1_5_2
blackduck-hub-plugin	eq	2.3.3
blackduck-hub-plugin	eq	2.3.2
blackduck-hub-plugin	eq	3.0.0
blackduck-hub-plugin	eq	2.2.1