How severe is CVE-2023-6149?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-6149?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2023-6149 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data

Related Vulnerabilities

CVE-2011-4107

MEDIUM

CVSS:6.5(Medium)

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary...

CWE-6112011

CVE-2012-0037

MEDIUM

CVSS:6.5(Medium)

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read ...

CWE-6112012

CVE-2012-3489

MEDIUM

CVSS:6.5(Medium)

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users ...

CWE-6112012

CVE-2014-3599

MEDIUM

CVSS:6.5(Medium)

HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy

CWE-6112014

CVE-2015-0194

MEDIUM

CVSS:6.5(Medium)

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.

CWE-6112015

CVE-2015-7743

MEDIUM

CVSS:6.5(Medium)

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses ...

CWE-6112015