CVE-2023-6149

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 9, 2024
Updated: Jan 12, 2024
CWE ID 611

Summary

CVE-2023-6149 is a security vulnerability affecting the Qualys Jenkins Plugin for Web Application Scanning (WAS) before version 2.0.12. The issue arises from a missing permission check during a connectivity check to Qualys Cloud Services. This flaw enables any user with login access to configure or edit jobs, potentially allowing them to introduce rogue endpoints. These endpoints could manipulate the response to certain requests, leading to XML External Entity (XXE) injection attacks while processing the response data.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share