Jenkins Advisory 2018-05-09: CVE-2018-1000197: Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:S/C:P/I:P/A:N) | Jun 5, 2018 | Jan 21, 2019 | Aug 11, 2025 |
Description
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.
Solutions
jenkins-lts-upgrade-2_107_3
jenkins-upgrade-2_121