Vulnerabilities > Qualys > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2023-6148 Cross-site Scripting vulnerability in Qualys Policy Compliance 1.0.5
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services.
network
low complexity
qualys CWE-79
5.4
2024-01-09 CVE-2023-6149 XXE vulnerability in Qualys web Application Screening
Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services.
network
low complexity
qualys CWE-611
6.5
2024-01-09 CVE-2023-6147 XXE vulnerability in Qualys Policy Compliance 1.0.5
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services.
network
low complexity
qualys CWE-611
6.5
2023-12-08 CVE-2023-6146 Cross-site Scripting vulnerability in Qualys Private Cloud Platform
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users.
network
low complexity
qualys CWE-79
5.4
2023-09-08 CVE-2023-4777 Incorrect Permission Assignment for Critical Resource vulnerability in Qualys Container Scanning Connector 1.6.2.6
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. 
network
low complexity
qualys CWE-732
4.3
2023-04-18 CVE-2023-28141 Unspecified vulnerability in Qualys Cloud Agent 3.1.3.34/4.5.3.1
An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31.
local
high complexity
qualys
6.3
2022-08-18 CVE-2022-29550 Information Exposure Through Log Files vulnerability in Qualys Cloud Agent 4.8.049
An issue was discovered in Qualys Cloud Agent 4.8.0-49.
local
low complexity
qualys CWE-532
5.5