CVE-2023-4777
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD
Description
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.
Affected (1)
Products: Qualys: Container Scanning Connector
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.6.2.7 |
References (2)
Timeline
No history available yet.