Vulnerabilities > Qualys
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2023-6148 | Cross-site Scripting vulnerability in Qualys Policy Compliance Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. | 5.4 |
| 2024-01-09 | CVE-2023-6149 | XXE vulnerability in Qualys web Application Screening Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. | 6.5 |
| 2024-01-09 | CVE-2023-6147 | XXE vulnerability in Qualys Policy Compliance Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. | 6.5 |
| 2023-12-08 | CVE-2023-6146 | Cross-site Scripting vulnerability in Qualys Private Cloud Platform A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. | 5.4 |
| 2023-09-08 | CVE-2023-4777 | Incorrect Permission Assignment for Critical Resource vulnerability in Qualys Container Scanning Connector An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. | 4.3 |
| 2023-04-18 | CVE-2023-28140 | Uncontrolled Search Path Element vulnerability in Qualys Cloud Agent An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. | 7.0 |
| 2023-04-18 | CVE-2023-28141 | Unspecified vulnerability in Qualys Cloud Agent An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. | 6.3 |
| 2023-04-18 | CVE-2023-28142 | Race Condition vulnerability in Qualys Cloud Agent A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. | 7.0 |
| 2023-04-18 | CVE-2023-28143 | Untrusted Search Path vulnerability in Qualys Cloud Agent Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution privileges on the host. | 7.0 |
| 2022-08-18 | CVE-2022-29550 | Information Exposure Through Log Files vulnerability in Qualys Cloud Agent 4.8.049 An issue was discovered in Qualys Cloud Agent 4.8.0-49. | 5.5 |