CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000191

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.6%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2018-1000191

Jenkins » Synopsys Detect » Version: 1.0.0

cpe:2.3:a:jenkins:synopsys_detect:1.0.0
Jenkins » Synopsys Detect » Version: 1.0.1

cpe:2.3:a:jenkins:synopsys_detect:1.0.1
Jenkins » Synopsys Detect » Version: 1.0.2

cpe:2.3:a:jenkins:synopsys_detect:1.0.2
Jenkins » Synopsys Detect » Version: 1.1.0

cpe:2.3:a:jenkins:synopsys_detect:1.1.0
Jenkins » Synopsys Detect » Version: 1.2.0

cpe:2.3:a:jenkins:synopsys_detect:1.2.0
Jenkins » Synopsys Detect » Version: 1.3.0

cpe:2.3:a:jenkins:synopsys_detect:1.3.0
Jenkins » Synopsys Detect » Version: 1.4.0

cpe:2.3:a:jenkins:synopsys_detect:1.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000191

Products

Pricing

Contact Us