Vulnerability Change Records for CVE-2023-6148
Change History
New CVE Received from Qualys, Inc. 1/09/2024 4:15:42 AM
Action |
Type |
Old Value |
New Value |
Added |
Description |
|
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data
|
Added |
CVSS V3.1 |
|
Qualys, Inc. AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
|
Added |
CWE |
|
Qualys, Inc. CWE-79
|
Added |
Reference |
|
Qualys, Inc. https://www.qualys.com/security-advisories/ [No types assigned]
|
|