Vulnerabilities > Qualys > Container Scanning Connector > Medium

DATE: 2023-09-08
CVE: CVE-2023-4777
VULNERABILITY TITLE: Incorrect Permission Assignment for Critical Resource vulnerability in Qualys Container Scanning Connector 1.6.2.6
RISK: 4.3

An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.

network, low complexity, qualys, CWE-732