CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-4777

An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.4%

CVSS Severity

CVSS v3 Score 3.1

References

https://www.qualys.com/security-advisories/
https://www.qualys.com/security-advisories/

Products affected by CVE-2023-4777

Qualys » Container Scanning Connector » Version: N/A

cpe:2.3:a:qualys:container_scanning_connector:-
Qualys » Container Scanning Connector » Version: 1.6.2.6

cpe:2.3:a:qualys:container_scanning_connector:1.6.2.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4777

Products

Pricing

Contact Us