CVSS 3.1 Score 6.5 of 10 (medium)


Published Jul 26, 2023
Updated: Jul 31, 2023
CWE ID 863


The vulnerability with the CVE ID CVE-2023-39154 affects Jenkins Qualys Web App Scanning Connector Plugin version 2.0.10 and earlier. It allows attackers with global Item/Configure permission to connect to a specified URL using attacker-specified credentials obtained through another method, potentially capturing stored credentials in Jenkins. The vulnerability has a base severity rating of MEDIUM and a base score of 6.5 according to NIST's National Vulnerability Database (NVD). The impact includes high confidentiality impact, low attack complexity, and low privileges required. No user interaction is required for exploitation, and the attack vector is through the network. The vulnerability does not affect the availability or integrity of the system. Remediation measures for this vulnerability should be provided by Jenkins, such as releasing an updated version of the plugin that addresses the incorrect permission checks issue. Organizations using affected versions should update to the patched version as soon as possible to mitigate the potential danger it poses in terms of unauthorized access to credentials stored in Jenkins.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-39154 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options