CVE-2023-6148
Possible XSS vulnerability in Jenkins Plugin for Qualys Policy Compliance
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data
Se identificó que Qualys Jenkins Plugin para Policy Compliance anterior a la versión 1.0.5 incluida estaba afectado por un fallo de seguridad, al que le faltaba una verificación de permiso al realizar una verificación de conectividad con Qualys Cloud Services. Esto permitió a cualquier usuario con acceso de inicio de sesión y acceso para configurar o editar jobs utilizar el complemento para configurar un endpoint potencial a través del cual era posible controlar la respuesta para cierta solicitud que podría inyectarse con payloads XSS que conducen a XSS mientras se procesan los datos de respuesta.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-15 CVE Reserved
- 2024-01-09 CVE Published
- 2024-01-13 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2024/01/24/6 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.qualys.com/security-advisories | 2024-01-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Qualys Search vendor "Qualys" | Policy Compliance Search vendor "Qualys" for product "Policy Compliance" | <= 1.0.5 Search vendor "Qualys" for product "Policy Compliance" and version " <= 1.0.5" | jenkins |
Affected
|