Vulnerabilities > Qualys > Container Scanning Connector > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-08 | CVE-2023-4777 | Incorrect Permission Assignment for Critical Resource vulnerability in Qualys Container Scanning Connector 1.6.2.6 An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. | 4.3 |