exploitDog

CVE-2023-4777

Опубликовано: 08 сент. 2023

Источник: nvd

CVSS3: 3.1

CVSS3: 4.3

EPSS Низкий

Описание

An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.

Ссылки

https://www.qualys.com/security-advisories/
Product
https://www.qualys.com/security-advisories/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qualys:container_scanning_connector:*:*:*:*:*:*:*:*

Версия до 1.6.2.7 (исключая)

EPSS

Процентиль: 19%

0.00061

Низкий

3.1 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-732

CWE-732

Связанные уязвимости

GHSA-cv73-5q55-543p

CVSS3: 3.1

github

больше 2 лет назад

An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.

EPSS

Процентиль: 19%

0.00061

Низкий

3.1 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-732

CWE-732