CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6149 – Possible XXE vulnerability in Jenkins Plugin for Qualys Web Application Security
https://notcve.org/view.php?id=CVE-2023-6149
09 Jan 2024 — Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data Se ide... • https://www.qualys.com/security-advisories • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6148 – Possible XSS vulnerability in Jenkins Plugin for Qualys Policy Compliance
https://notcve.org/view.php?id=CVE-2023-6148
09 Jan 2024 — Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing t... • http://www.openwall.com/lists/oss-security/2024/01/24/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6147 – Possible XXE vulnerability in Jenkins Plugin for Qualys Policy Compliance
https://notcve.org/view.php?id=CVE-2023-6147
09 Jan 2024 — Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the respons... • http://www.openwall.com/lists/oss-security/2024/01/24/6 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6146 – Stored XSS Vulnerability in QualysGuard VM/PC
https://notcve.org/view.php?id=CVE-2023-6146
08 Dec 2023 — A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details. Se descubrió que una aplicación web Qualys tenía una vulnerabilidad XSS almacenada resultante de la ausencia de codificación HTML en la presentación de la información de registro a los usuarios. Esta vulnerabilidad permitió a un... • https://www.qualys.com/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4777 – Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier
https://notcve.org/view.php?id=CVE-2023-4777
08 Sep 2023 — An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. Una comprobación de permisos incorrecta en Qualys Container Scanning Connector Plugin 1.6.2.6 y versiones an... • https://www.qualys.com/security-advisories • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28143 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-28143
18 Apr 2023 — Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution privileges on the host. During the install of the PKG, a step in the process involves extracting the package and copying files to several directories. Attackers may gain writable access to files during the install of P... • https://qualys.com/security-advisories • CWE-426: Untrusted Search Path •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28142 – Race Condition
https://notcve.org/view.php?id=CVE-2023-28142
18 Apr 2023 — A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on that asset to run arbitrary commands. At the time of this disclosure, versions before 4.0 are classified as End of Life. A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3... • https://www.qualys.com/security-advisories • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28141 – NTFS Junction
https://notcve.org/view.php?id=CVE-2023-28141
18 Apr 2023 — An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized files, allowing for the potential modification or deletion of sensitive files limited only to that specific directory/file object. This vulnerability is bounded to the time of installation/uninstallation and can on... • https://www.qualys.com/security-advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28140 – Executable Hijacking
https://notcve.org/view.php?id=CVE-2023-28140
18 Apr 2023 — An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. This vulnerability is bounded only to the time of uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life. An Exec... • https://www.qualys.com/security-advisories • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29549 – Qualys Cloud Agent Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-29549
18 Aug 2022 — An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate programs). Also, the vendor recommendation is to install this agent software with root privileges. Thus, privilege escalation is possible on systems where any of these pathnames is controlled by a non-root user. A... • http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html • CWE-354: Improper Validation of Integrity Check Value •