5.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-6148

GHSA ID

GHSA-rwf9-8fqr-p44m

EPSS Score

0.63508%

CWE

CWE-79

Published

1/9/2024

Updated

1/24/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-6148

CVE-2023-6148:
Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data.

(GitHub Advisory)

5.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-6148

GHSA ID

GHSA-rwf9-8fqr-p44m

EPSS Score

0.63508%

CWE

CWE-79

Published

1/9/2024

Updated

1/24/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.qualys.plugins:qualys-pc	maven	< 1.0.6	1.0.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key flaws: 1) Missing permission checks in the connectivity test endpoint handler (likely a doCheck method in the DescriptorImpl class), allowing low-privileged users to execute it. 2) Unsanitized rendering of external API responses in Jenkins' web UI (via a response processing method), enabling XSS. These functions are standard patterns in Jenkins plugin development for connection validation and UI rendering, aligning with the described attack vectors.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Qu*lys J*nkins Plu*in *or Poli*y *ompli*n** prior to v*rsion *n* in*lu*in* *.*.* w*s i**nti*i** to ** *****t** *y * s**urity *l*w, w*i** w*s missin* * p*rmission ****k w*il* p*r*ormin* * *onn**tivity ****k to Qu*lys *lou* S*rvi**s. T*is *llow** *ny u

Reasoning

T** vuln*r**ility st*ms *rom two k*y *l*ws: *) Missin* p*rmission ****ks in t** *onn**tivity t*st *n*point **n*l*r (lik*ly * `*o****k` m*t*o* in t** `**s*riptorImpl` *l*ss), *llowin* low-privil**** us*rs to *x**ut* it. *) Uns*nitiz** r*n**rin* o* *xt

5.7

Basic Information

Concerned about an active attack path?

CVE-2023-6148: Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability

5.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-6148:
Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability

Vulnerability Intelligence
Miggo AI