CVE-2023-6149
CVSS V2 None
CVSS V3 None
Description
Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data
Overview
- CVE ID
- CVE-2023-6149
- Assigner
- Qualys
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-01-09T08:21:12.804Z
- Last Modified Date
- 2024-01-09T08:21:12.804Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.qualys.com/security-advisories/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-6149 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6149 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 06:54:16 | Added to TrackCVE |