CVE-2023-6148 - OpenCVE

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qualys	Policy Compliance

Configuration 1 [-]

cpe:2.3:a:qualys:policy_compliance:*:*:*:*:*:jenkins:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/01/24/6
https://www.qualys.com/security-advisories/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Qualys

Published: 2024-01-09T08:14:51.063Z

Updated: 2024-08-02T08:21:17.559Z

Reserved: 2023-11-15T10:10:26.359Z

Link: CVE-2023-6148

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-09T09:15:42.530

Modified: 2024-01-24T18:15:08.733

Link: CVE-2023-6148

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6148", "assignerOrgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "state": "PUBLISHED", "assignerShortName": "Qualys", "dateReserved": "2023-11-15T10:10:26.359Z", "datePublished": "2024-01-09T08:14:51.063Z", "dateUpdated": "2024-08-02T08:21:17.559Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Policy Compliance Connector Jenkins Plugin", "vendor": "Qualys,Inc. ", "versions": [{"changes": [{"at": "1.0.6", "status": "unaffected"}], "lessThanOrEqual": "1.0.2", "status": "affected", "version": "1.0.5", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Yaroslav Afenkin, CloudBees, Inc. "}], "datePublic": "2024-01-09T08:09:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which <span style=\"background-color: rgb(255, 255, 255);\">it was possible to control response for certain request which could be injected with XSS payloads leading to XSS</span><span style=\"background-color: rgb(255, 255, 255);\"> while </span><span style=\"background-color: rgb(255, 255, 255);\">proces</span><span style=\"background-color: rgb(255, 255, 255);\">sing the response data</span>\n\n</span>"}], "value": "\nQualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which\u00a0it was possible to control response for certain request which could be injected with XSS payloads leading to XSS\u00a0while processing the response data\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "shortName": "Qualys", "dateUpdated": "2024-01-09T08:14:51.063Z"}, "references": [{"url": "https://www.qualys.com/security-advisories/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers should upgrade to a minimum version of 1.0.6.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span>\n\n<br>"}], "value": "\nCustomers should upgrade to a minimum version of 1.0.6.\u00a0\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Possible XSS vulnerability in Jenkins Plugin for Qualys Policy Compliance ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.559Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.qualys.com/security-advisories/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qualys:policy_compliance:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "42ED3645-D747-41DB-B01A-A8B686AD6E3D", "versionEndIncluding": "1.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nQualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which\u00a0it was possible to control response for certain request which could be injected with XSS payloads leading to XSS\u00a0while processing the response data\n\n"}, {"lang": "es", "value": "Se identific\u00f3 que Qualys Jenkins Plugin para Policy Compliance anterior a la versi\u00f3n 1.0.5 incluida estaba afectado por un fallo de seguridad, al que le faltaba una verificaci\u00f3n de permiso al realizar una verificaci\u00f3n de conectividad con Qualys Cloud Services. Esto permiti\u00f3 a cualquier usuario con acceso de inicio de sesi\u00f3n y acceso para configurar o editar jobs utilizar el complemento para configurar un endpoint potencial a trav\u00e9s del cual era posible controlar la respuesta para cierta solicitud que podr\u00eda inyectarse con payloads XSS que conducen a XSS mientras se procesan los datos de respuesta."}], "id": "CVE-2023-6148", "lastModified": "2024-01-24T18:15:08.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "bugreport@qualys.com", "type": "Secondary"}]}, "published": "2024-01-09T09:15:42.530", "references": [{"source": "bugreport@qualys.com", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6"}, {"source": "bugreport@qualys.com", "tags": ["Vendor Advisory"], "url": "https://www.qualys.com/security-advisories/"}], "sourceIdentifier": "bugreport@qualys.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "bugreport@qualys.com", "type": "Secondary"}]}