Vulnerabilities > Qualys > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-09 | CVE-2023-6148 | Cross-site Scripting vulnerability in Qualys Policy Compliance: Qualys Jenkins Plugin for Policy Compliance version 1.0.5 and earlier was identified to be affected by a security flaw: a permission check was missing when performing a connectivity check to Qualys Cloud Services. | 5.4 |
2024-01-09 | CVE-2023-6149 | XXE vulnerability in Qualys web Application Screening: Qualys Jenkins Plugin for WAS version 2.0.11 and earlier was identified to be affected by a security flaw: a permission check was missing when performing a connectivity check to Qualys Cloud Services. | 6.5 |
2024-01-09 | CVE-2023-6147 | XXE vulnerability in Qualys Policy Compliance: Qualys Jenkins Plugin for Policy Compliance version 1.0.5 and earlier was identified to be affected by a security flaw: a permission check was missing when performing a connectivity check to Qualys Cloud Services. | 6.5 |
2023-12-08 | CVE-2023-6146 | Cross-site Scripting vulnerability in Qualys Private Cloud Platform: A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. | 5.4 |
2023-09-08 | CVE-2023-4777 | Incorrect Permission Assignment for Critical Resource vulnerability in Qualys Container Scanning Connector: An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. | 4.3 |
2023-04-18 | CVE-2023-28141 | Unspecified vulnerability in Qualys Cloud Agent: An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. | 6.3 |
2022-08-18 | CVE-2022-29550 | Information Exposure Through Log Files vulnerability in Qualys Cloud Agent 4.8.049: An issue was discovered in Qualys Cloud Agent 4.8.0-49. | 5.5 |