GHSA-rwf9-8fqr-p44m: Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability
Qualys Jenkins Plugin for Policy Compliance versions up to and including 1.0.5 were identified as affected by a security flaw: a missing permission check when performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and permission to configure or edit jobs to use the plugin to configure a potentially rogue endpoint, through which the response to certain requests could be controlled and injected with XSS payloads, leading to XSS while the response data was processed.
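As an added illustration of the defensive pattern this advisory implies (this is example code written for this page, not the Qualys plugin's own code), the following Jenkins form-validation endpoint shows the two safeguards a "test connection" handler needs: an explicit permission check before any server-side request is made, and HTML-escaping of whatever the remote endpoint returns before it is rendered back to the browser. The class name `ExampleConnectorConfig`, the method name `doTestConnection` and the field name `apiServer` are hypothetical; the Jenkins APIs used (`Item.checkPermission`, `Jenkins.ADMINISTER`, `FormValidation.error`, `Util.escape`, `@POST`) are standard plugin APIs.

```java
// Added illustrative example (not the Qualys plugin's own code).
// Shows a hardened "test connection" form-validation method for a Jenkins plugin.
import hudson.Util;
import hudson.model.Item;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;

public class ExampleConnectorConfig extends GlobalConfiguration { // hypothetical class

    // @POST restricts the endpoint to POST requests, so a CSRF crumb is required.
    @POST
    public FormValidation doTestConnection(@QueryParameter String apiServer,
                                           @AncestorInPath Item item) {
        // 1. Permission check BEFORE doing anything with user-supplied input.
        //    In a job context the caller must be allowed to configure that job;
        //    in global configuration the caller must be a Jenkins administrator.
        if (item != null) {
            item.checkPermission(Item.CONFIGURE);
        } else {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        }

        // 2. Refuse endpoints that are not https, limiting the value of a rogue
        //    endpoint configured by a low-privileged user.
        URL url;
        try {
            url = new URL(apiServer);
        } catch (MalformedURLException e) {
            return FormValidation.error("Not a valid URL.");
        }
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            return FormValidation.error("Only https endpoints are allowed.");
        }

        // 3. Anything the remote server returns is untrusted. Escape it before it
        //    goes back into the configuration page.
        try {
            String body = fetchBody(url);
            return FormValidation.ok("Connection OK: " + escapeForPage(body));
        } catch (IOException e) {
            return FormValidation.error("Connection failed: " + escapeForPage(e.getMessage()));
        }
    }

    // HTML-escape remote data so a response like "<script>...</script>" renders as
    // text. FormValidation.ok/error already escape their argument; escaping here
    // keeps the behaviour explicit if someone later switches to okWithMarkup/errorWithMarkup.
    static String escapeForPage(String remoteData) {
        return remoteData == null ? "" : Util.escape(remoteData);
    }

    // Minimal GET with short timeouts and a bounded read of the response body.
    static String fetchBody(URL url) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setConnectTimeout(5_000);
        conn.setReadTimeout(5_000);
        conn.setRequestMethod("GET");
        try (InputStream in = conn.getInputStream()) {
            byte[] buf = in.readNBytes(4096); // cap what we are willing to render
            return new String(buf, StandardCharsets.UTF_8);
        } finally {
            conn.disconnect();
        }
    }
}
```

The permission check is the fix for the root cause named in the advisory; the scheme restriction and escaping limit what a configured endpoint can do with the response even if the check is bypassed.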
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2023-6148
Moderate severity GitHub Reviewed Published Jan 9, 2024 to the GitHub Advisory Database • Updated Jan 12, 2024
Package: com.qualys.plugins:qualys-pc (Maven)
Affected versions: < 1.0.6
Published to the GitHub Advisory Database: Jan 9, 2024
Last updated: Jan 12, 2024