EUVD-2023-2008

Malicious code in bioql PyPI...

GHSA-8WGF-3MRJ-73X7 Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials

Qualys Web App Scanning Connector Plugin 2.0.10 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials

Qualys Web App Scanning Connector Plugin 2.0.10 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

CVE-2023-39154

Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

Design/Logic Flaw

Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

CVE-2023-39154

CVE-2023-39154 affects Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier. The issue is incorrect permission checks in several HTTP endpoints, enabling attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs...

CVE-2023-39154

Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

CVE-2023-39154

Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

Jenkins Qualys Web App Scanning Connector Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Sn1per v6.0 - Automated Pentest Framework For Offensive Security Experts

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage...

Qualys Helps Consultants, MSPs Deliver World-Class Security Services To Mid-Size Customers

With the newly available Qualys Consulting Edition, consultants and MSPs can now individually manage their mid-market client networks, keeping data separate and organized. This lets them offer their clients tailored, personalized services, with valuable insights and recommendations for threat...