CVE-2023-6149
Possible XXE vulnerability in Jenkins Plugin for Qualys Web Application Security
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data
Se identificó que Qualys Jenkins Plugin para WAS anterior a la versión 2.0.11 incluida estaba afectado por un fallo de seguridad, al que le faltaba una verificación de permiso al realizar una verificación de conectividad con Qualys Cloud Services. Esto permitió a cualquier usuario con acceso de inicio de sesión configurar o editar jobs para utilizar el complemento y configurar un endpoint potencial a través del cual era posible controlar la respuesta para cierta solicitud que podría inyectarse con payloads XXE que conduzcan a XXE mientras se procesan los datos de respuesta.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-15 CVE Reserved
- 2024-01-09 CVE Published
- 2024-01-13 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.qualys.com/security-advisories | 2024-01-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Qualys Search vendor "Qualys" | Web Application Screening Search vendor "Qualys" for product "Web Application Screening" | <= 2.0.11 Search vendor "Qualys" for product "Web Application Screening" and version " <= 2.0.11" | jenkins |
Affected
|