Maven package
com.qualys.plugins/qualys-was
pkg:maven/com.qualys.plugins/qualys-was
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-6149 | — | < 2.0.12 | 2.0.12 | Jan 9, 2024 | Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit | ||
| CVE-2023-39154 | — | < 2.0.11 | 2.0.11 | Jul 26, 2023 | Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing cre |
- CVE-2023-6149Jan 9, 2024affected < 2.0.12fixed 2.0.12
Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit
- CVE-2023-39154Jul 26, 2023affected < 2.0.11fixed 2.0.11
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing cre