GHSA-rwf9-8fqr-p44m: Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability

Qualys Jenkins Plugin for Policy Compliance versions up to and including 1.0.5 were affected by a security flaw: a permission check was missing when performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to use the plugin to configure a potential rogue endpoint, through which it was possible to control the response to certain requests. That response could be injected with XSS payloads, leading to XSS when the response data was processed.

CVE-2023-6148

Severity: Moderate (GitHub Reviewed)
Package: com.qualys.plugins:qualys-pc (Maven)
Affected versions: < 1.0.6
Published to the GitHub Advisory Database: Jan 9, 2024
Last updated: Jan 12, 2024
