Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2023-07-26T13:54:54.206Z
Updated: 2024-08-02T18:02:06.202Z
Reserved: 2023-07-25T11:16:13.336Z
Link: CVE-2023-39154
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-26T14:15:10.647
Modified: 2023-07-31T18:13:34.753
Link: CVE-2023-39154
Redhat
No data.