CVE-2023-6147 - OpenCVE

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qualys	Policy Compliance

Configuration 1 [-]

cpe:2.3:a:qualys:policy_compliance:*:*:*:*:*:jenkins:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/01/24/6
https://www.qualys.com/security-advisories/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Qualys

Published: 2024-01-09T08:08:43.883Z

Updated: 2024-08-02T08:21:17.530Z

Reserved: 2023-11-15T10:10:24.476Z

Link: CVE-2023-6147

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-09T08:15:36.100

Modified: 2024-01-24T18:15:08.623

Link: CVE-2023-6147

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6147", "assignerOrgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "state": "PUBLISHED", "assignerShortName": "Qualys", "dateReserved": "2023-11-15T10:10:24.476Z", "datePublished": "2024-01-09T08:08:43.883Z", "dateUpdated": "2024-08-02T08:21:17.530Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Policy Compliance Connector Jenkins Plugin", "vendor": "Qualys,Inc. ", "versions": [{"changes": [{"at": "1.0.6", "status": "unaffected"}], "lessThanOrEqual": "1.0.2", "status": "affected", "version": "1.0.5", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Yaroslav Afenkin, CloudBees, Inc. "}], "datePublic": "2024-01-09T08:05:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data</span>"}], "value": "\nQualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "shortName": "Qualys", "dateUpdated": "2024-01-09T08:08:43.883Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.qualys.com/security-advisories/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers should upgrade to a minimum version of 1.0.6.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span>\n\n<br>"}], "value": "\nCustomers should upgrade to a minimum version of 1.0.6.\u00a0\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Possible XXE vulnerability in Jenkins Plugin for Qualys Policy Compliance ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.530Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.qualys.com/security-advisories/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qualys:policy_compliance:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "42ED3645-D747-41DB-B01A-A8B686AD6E3D", "versionEndIncluding": "1.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nQualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data"}, {"lang": "es", "value": "Se identific\u00f3 que Qualys Jenkins Plugin para Policy Compliance anterior a la versi\u00f3n 1.0.5 incluida estaba afectado por un fallo de seguridad, al que le faltaba una verificaci\u00f3n de permiso al realizar una verificaci\u00f3n de conectividad con Qualys Cloud Services. Esto permiti\u00f3 a cualquier usuario con acceso de inicio de sesi\u00f3n configurar o editar jobs para utilizar el complemento y configurar un endpoint potencial a trav\u00e9s del cual era posible controlar la respuesta para cierta solicitud que podr\u00eda inyectarse con payloads XXE que conduzcan a XXE mientras se procesan los datos de respuesta."}], "id": "CVE-2023-6147", "lastModified": "2024-01-24T18:15:08.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "bugreport@qualys.com", "type": "Secondary"}]}, "published": "2024-01-09T08:15:36.100", "references": [{"source": "bugreport@qualys.com", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}, {"source": "bugreport@qualys.com", "tags": ["Vendor Advisory"], "url": "https://www.qualys.com/security-advisories/"}], "sourceIdentifier": "bugreport@qualys.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-611"}], "source": "bugreport@qualys.com", "type": "Secondary"}]}