Security
Headlines

Headlines Latest CVEs

Headline

GHSA-rwf9-8fqr-p44m: Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data.

9 months ago

#xss #vulnerability #git #java #maven

GitHub Advisory Database
GitHub Reviewed
CVE-2023-6148

Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability

Moderate severity GitHub Reviewed Published Jan 9, 2024 to the GitHub Advisory Database • Updated Jan 12, 2024

Package

maven com.qualys.plugins:qualys-pc (Maven)

Affected versions

< 1.0.6

Published to the GitHub Advisory Database

Jan 9, 2024

Last updated

Jan 12, 2024

ghsa: Latest News

GHSA-pfr9-2p92-qrhq: Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function

2 hours ago

GHSA-jqfv-jrvq-95jm: Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability

4 hours ago

GHSA-9722-9j67-vjcr: Improper Authorization in Select Permissions

19 hours ago

GHSA-qjrv-v6qp-x99x: SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

19 hours ago

GHSA-f3cx-396f-7jqp: Livewire Remote Code Execution on File Uploads

19 hours ago