Possible XSS vulnerability in Jenkins Plugin for Qualys Policy Compliance
CVE-2023-6148

5.7MEDIUM

Key Information:

Vendor

Qualys,inc.

Status
Policy Compliance Connector Jenkins Plugin
Vendor
CVE Published:
9 January 2024

What is CVE-2023-6148?

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Policy Compliance Connector Jenkins Plugin 1.0.5 <= 1.0.2

References

https://www.qualys.com/security-advisories/
http://www.openwall.com/lists/oss-security/2024/01/24/6

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yaroslav Afenkin, CloudBees, Inc.
JSON
.