com.qualys.plugins:qualys-was

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting com.qualys.plugins:qualys-waspage 1 of 1

CVE-2023-39154MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.0.11
2023-07-26
vulnerable: 2.0.10 ... 2.0.9 (8 versions)
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtai…
CVE-2023-6149MEDIUMCVSS 5.7EG 5.7✓ Fixed in 2.0.12
2024-01-09
vulnerable: 2.0.10 ... 2.0.9 (9 versions)
Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any us…

Check whether com.qualys.plugins:qualys-was is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.qualys.plugins:qualys-was CVEs against the assets you own.

Start Free Scan →