CNNVD-202511-2381 Information
Nov 21, 2025
cve
CNNVD ID
CNNVD-202511-2381
Related CVE
- CNNVD Published: 2025-11-21
Description (Chinese)
Black Duck SCA是美国Black Duck公司的一个软件组成分析工具。 Black Duck SCA 2025.10.0之前版本存在安全漏洞,该漏洞源于用户角色权限配置过于宽泛,可能导致未经授权的项目配置更改或访问敏感信息。
Description (English)
Black Duck SCA is a software component analysis tool for Black Duck in the United States. There was a security loophole in the pre-Black Duck SCA 2025.10.0, which stemmed from the too broad user-role configuration, which could lead to unauthorized project configuration changes or access to sensitive information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Black Duck
Published
2025-11-21
Last Modified
2026-02-24
References
https://community.blackduck.com/s/article/Black-Duck-Product-Security-Advisory-CVE-2025-0504 https://access.redhat.com/security/cve/cve-2025-0504
Patch
https://community.blackduck.com/s/
Share on: