CVE-2023-4777

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 8, 2023
Updated: Sep 13, 2023
CWE ID 79

Summary

CVE-2023-4777 is a vulnerability affecting the Qualys Container Scanning Connector Plugin version 1.6.2.6 and earlier. This issue stems from a misconfigured permission check, enabling attackers with global Item/Configure permissions, but lacking such permissions on specific jobs, to enumerate credentials IDs within Jenkins. By leveraging these IDs, attackers can connect to an attacker-specified URL using the stolen credentials, potentially leading to unauthorized access and data breaches within Jenkins.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share