
CVE-2022-30278
https://notcve.org/view.php?id=CVE-2022-30278
10 May 2022 — A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation of user-supplied input to MadCap Flare's framework embedded within Black Duck Hub's Help Documentation to supply content. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attac... • https://www.synopsys.com/blogs/software-security/cyrc-advisory-cross-site-scripting-vulnerability-black-duck-hub • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-1000198
https://notcve.org/view.php?id=CVE-2018-1000198
05 Jun 2018 — An XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML external entities in an XML document. • https://jenkins.io/security/advisory/2018-05-09/#SECURITY-671 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2018-1000197
https://notcve.org/view.php?id=CVE-2018-1000197
05 Jun 2018 — An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration. • https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670 • CWE-863: Incorrect Authorization •

CVE-2018-1000190
https://notcve.org/view.php?id=CVE-2018-1000190
05 Jun 2018 — An exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • https://jenkins.io/security/advisory/2018-06-04/#SECURITY-865 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •