5.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-6147

GHSA ID

GHSA-8525-52vg-jv6v

EPSS Score

0.39029%

CWE

CWE-611

Published

1/9/2024

Updated

1/24/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-6147

CVE-2023-6147:
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data

(GitHub Advisory)

5.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-6147

GHSA ID

GHSA-8525-52vg-jv6v

EPSS Score

0.39029%

CWE

CWE-611

Published

1/9/2024

Updated

1/24/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.qualys.plugins:qualys-pc	maven	<= 1.0.5	1.0.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insecure XML processing during Qualys Cloud Services connectivity checks. The advisory explicitly states the plugin didn't restrict XXE, which typically manifests in XML parser configuration. The connectivity check endpoint would involve parsing XML responses - a prime candidate for XXE if parser security features aren't enabled. While exact function names aren't provided, Java XML parsing patterns (DocumentBuilderFactory/SAXParser without setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)) strongly indicate this implementation flaw. The missing permission check allows attackers to trigger this vulnerable code path.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Qu*lys J*nkins Plu*in *or Poli*y *ompli*n** prior to v*rsion *n* in*lu*in* *.*.* w*s i**nti*i** to ** *****t** *y * s**urity *l*w, w*i** w*s missin* * p*rmission ****k w*il* p*r*ormin* * *onn**tivity ****k to Qu*lys *lou* S*rvi**s. T*is *llow** *ny u

Reasoning

T** vuln*r**ility st*ms *rom ins**ur* XML pro**ssin* *urin* Qu*lys *lou* S*rvi**s *onn**tivity ****ks. T** **visory *xpli*itly st*t*s t** `plu*in` *i*n't r*stri*t XX*, w*i** typi**lly m*ni**sts in XML p*rs*r `*on*i*ur*tion`. T** *onn**tivity ****k *n

5.7

Basic Information

Concerned about an active attack path?

CVE-2023-6147: Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability

5.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-6147:
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability

Vulnerability Intelligence
Miggo AI