Vulnerabilities > Qualys > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-09 | CVE-2023-6148 | Cross-site Scripting vulnerability in Qualys Policy Compliance 1.0.5 | Qualys Jenkins Plugin for Policy Compliance, version 1.0.5 and earlier, was found to be affected by a security flaw: a permission check was missing when performing a connectivity check to Qualys Cloud Services. | 5.4 |
2024-01-09 | CVE-2023-6149 | XXE vulnerability in Qualys web Application Screening | Qualys Jenkins Plugin for WAS, version 2.0.11 and earlier, was found to be affected by a security flaw: a permission check was missing when performing a connectivity check to Qualys Cloud Services. | 6.5 |
2024-01-09 | CVE-2023-6147 | XXE vulnerability in Qualys Policy Compliance 1.0.5 | Qualys Jenkins Plugin for Policy Compliance, version 1.0.5 and earlier, was found to be affected by a security flaw: a permission check was missing when performing a connectivity check to Qualys Cloud Services. | 6.5 |
2023-12-08 | CVE-2023-6146 | Cross-site Scripting vulnerability in Qualys Private Cloud Platform | A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. | 5.4 |
2023-09-08 | CVE-2023-4777 | Incorrect Permission Assignment for Critical Resource vulnerability in Qualys Container Scanning Connector 1.6.2.6 | An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. | 4.3 |
2023-04-18 | CVE-2023-28141 | Unspecified vulnerability in Qualys Cloud Agent 3.1.3.34/4.5.3.1 | An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. | 6.3 |
2022-08-18 | CVE-2022-29550 | Information Exposure Through Log Files vulnerability in Qualys Cloud Agent 4.8.049 | An issue was discovered in Qualys Cloud Agent 4.8.0-49. | 5.5 |