Описание
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.10 (включая)
cpe:2.3:a:jenkins:qualys_web_app_scanning_connector:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 20%
0.00063
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 4.2
github
больше 2 лет назад
Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials
EPSS
Процентиль: 20%
0.00063
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863