VYPR

Maven package

com.blackducksoftware.integration/blackduck-hub

pkg:maven/com.blackducksoftware.integration/blackduck-hub

Vulnerabilities (3)

  • CVE-2018-1000198MedJun 5, 2018
    affected < 4.0.0fixed 4.0.0

    A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.

  • CVE-2018-1000197HigJun 5, 2018
    affected < 3.1.0fixed 3.1.0

    An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.

  • CVE-2018-1000190MedJun 5, 2018
    affected < 4.0.1fixed 4.0.1

    A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained throu