CVE-2023-6147
CVSS V2 None
CVSS V3 None
Description
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data
Overview
- CVE ID
- CVE-2023-6147
- Assigner
- Qualys
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-01-09T08:08:43.883Z
- Last Modified Date
- 2024-01-09T08:08:43.883Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.qualys.com/security-advisories/ | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2024/01/24/6 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-6147 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6147 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 07:19:53 | Added to TrackCVE |