CVE-2023-39154

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Related Vulnerabilities

CVE-2009-2213

MEDIUM
CVSS:6.5(Medium)

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Author...

CWE-8632009

CVE-2011-3617

MEDIUM
CVSS:6.5(Medium)

Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.

CWE-8632011

CVE-2014-0169

MEDIUM
CVSS:6.5(Medium)

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to acce...

CWE-8632014

CVE-2015-1780

MEDIUM
CVSS:6.5(Medium)

oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center

CWE-8632015

CVE-2016-3131

MEDIUM
CVSS:6.5(Medium)

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.

CWE-8632016

CVE-2016-6353

MEDIUM
CVSS:6.5(Medium)

Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.

CWE-8632016