Lucene search

GitHub Advisory DatabaseGHSA-8WGF-3MRJ-73X7

HistoryJul 26, 2023 - 3:30 p.m.

Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials

2023-07-2615:30:57

CWE-863

GitHub Advisory Database

github.com

qualys

web app scanning

plugin

permission checks

http endpoints

credentials

jenkins

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

20.8%

JSON

Qualys Web App Scanning Connector Plugin 2.0.10 and earlier does not correctly perform permission checks in several HTTP endpoints.

This allows attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Qualys Web App Scanning Connector Plugin 2.0.11 requires the appropriate permissions for the affected HTTP endpoints.

Affected configurations

Vulners

Node

com.qualys.plugins\qualysMatchwas

CPENameOperatorVersion
com.qualys.plugins:qualys-waslt2.0.11

CPE	Name	Operator	Version
	com.qualys.plugins:qualys-was	lt	2.0.11

References

www.openwall.com/lists/oss-security/2023/07/26/2

github.com/advisories/GHSA-8wgf-3mrj-73x7

nvd.nist.gov/vuln/detail/CVE-2023-39154

www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3012

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

20.8%

JSON

Related for GHSA-8WGF-3MRJ-73X7