CVE-2023-4777
Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Qualys, Inc. · Container Scanning Connector Jenkins Plugin
References
https://www.qualys.com/security-advisories/