5 matches found
CVE-2017-1000197
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server...
CVE-2018-1000197
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration...
CVE-2018-1000197
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration...
CVE-2018-1000197
The CVE-2018-1000197 entry describes an improper authorization vulnerability in Jenkins Black Duck Hub Plugin (versions 3.0.3 and older) where a user with Overall/Read permission can read and write the plugin’s configuration via PostBuildScanDescriptor.java. Publicly documented details across mul...
CVE-2017-1000197
CVE-2017-1000197 affects October CMS 1.x build 412, where the asset move function allows file path modification, enabling creation of malicious files on the server. Root cause centers on insecure path handling during asset operations. NVD metrics show CVSSv2 7.5 (HIGH) and CVSSv3 9.8 (CRITICAL) w...