CVE-2018-1000198 — XML External Entity (XXE) Injection in Jenkins Black Duck HUB
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 80.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 5
Latest updateMay 14
Description
A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages1 packages
🔴Vulnerability Details
3CVEList▶
CVE-2018-1000198: A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3↗2018-06-05