{"uuid": "470040cd-e781-4290-9647-0f19424df4d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6148", "type": "seen", "source": "https://t.me/arpsyndicate/3060", "content": "#ExploitObserverAlert\n\nCVE-2023-6148\n\nDESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2023-6148. Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rogue endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data\n\nFIRST-EPSS: 0.000450000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2024-01-26T20:26:54.000000Z"}