CVE-2023-4777
EUVD-2023-5462308.09.2023, 09:15
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| qualys | container_scanning_connector | 𝑥 < 1.6.2.7 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration