Skip to main content

Policy Compliance

2 CVEs product

Monthly

CVE-2023-6148 Maven MEDIUM PATCH This Month

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jenkins Policy Compliance
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2023-6147 Maven MEDIUM PATCH This Month

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jenkins Policy Compliance
NVD
CVSS 3.1
5.7
EPSS
0.2%
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jenkins Policy Compliance
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jenkins Policy Compliance
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy