CVE-2023-6148
CVSS V2 None
CVSS V3 None
Description
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data
Overview
- CVE ID
- CVE-2023-6148
- Assigner
- Qualys
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-01-09T08:14:51.063Z
- Last Modified Date
- 2024-01-09T08:14:51.063Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.qualys.com/security-advisories/ | |
| http://www.openwall.com/lists/oss-security/2024/01/24/6 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-6148 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6148 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 06:24:26 | Added to TrackCVE |