CVE-2023-6147
CVSS v3.1
6.5 (Medium)
EPSS
0.05 % (17th)
Affected Products
1
Advisories
2
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data
Weaknesses
- CWE-611
- Improper Restriction of XML External Entity Reference
- CVE Status
- PUBLISHED
- CNA
- Qualys, Inc.
- Published Date
-
2024-01-09 08:15:36
(8 months ago) - Updated Date
-
2024-01-24 18:15:08
(7 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...