Jenkins Advisory 2018-05-09: CVE-2018-1000197: Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:S/C:P/I:P/A:N) | Jun 5, 2018 | Jan 21, 2019 | Mar 27, 2026 |
Description
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.
Solutions
jenkins-lts-upgrade-2_107_3
jenkins-upgrade-2_121