CVE-2023-4777 - OpenCVE

An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Qualys	Container Scanning Connector

Configuration 1 [-]

cpe:2.3:a:qualys:container_scanning_connector:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.qualys.com/security-advisories/	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Qualys

Published: 2023-09-08T08:42:35.645Z

Updated: 2023-09-08T08:42:35.645Z

Reserved: 2023-09-05T15:39:46.417Z

Link: CVE-2023-4777

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-08T09:15:08.697

Modified: 2023-09-13T12:54:59.283

Link: CVE-2023-4777

JSON object: View

Redhat Information

No data.

CWE

CWE-732

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4777", "assignerOrgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "state": "PUBLISHED", "assignerShortName": "Qualys", "dateReserved": "2023-09-05T15:39:46.417Z", "datePublished": "2023-09-08T08:42:35.645Z", "dateUpdated": "2023-09-08T08:42:35.645Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Container Scanning Connector Jenkins Plugin", "vendor": "Qualys,Inc. ", "versions": [{"lessThanOrEqual": "1.6.0.1", "status": "affected", "version": "1.6.2.6", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Yaroslav Afenkin, CloudBees, Inc. "}], "datePublic": "2023-09-08T07:43:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span>\n\n"}], "value": "\nAn incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.\u00a0\n\n"}], "impacts": [{"capecId": "CAPEC-212", "descriptions": [{"lang": "en", "value": "CAPEC-212 Functionality Misuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "shortName": "Qualys", "dateUpdated": "2023-09-08T08:42:35.645Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.qualys.com/security-advisories/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers should upgrade to a minimum version of 1.6.2.7.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span>\n\n<br>"}], "value": "\nCustomers should upgrade to a minimum version of 1.6.2.7.\u00a0\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qualys:container_scanning_connector:*:*:*:*:*:*:*:*", "matchCriteriaId": "40CC9049-544D-42FD-9494-340ACEAD4BF2", "versionEndExcluding": "1.6.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nAn incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins.\u00a0\n\n"}, {"lang": "es", "value": "Una comprobaci\u00f3n de permisos incorrecta en Qualys Container Scanning Connector Plugin 1.6.2.6 y versiones anteriores permite a los atacantes con autorizaci\u00f3n global Item/Configure (aunque carecen de autorizaci\u00f3n Item/Configure en cualquier job en particular) enumerar los ID de credenciales de las credenciales almacenadas en Jenkins y conectarse a una URL especificada por el atacante, utilizando ID de credenciales especificadas por el atacante, capturando las credenciales almacenadas en Jenkins."}], "id": "CVE-2023-4777", "lastModified": "2023-09-13T12:54:59.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "bugreport@qualys.com", "type": "Secondary"}]}, "published": "2023-09-08T09:15:08.697", "references": [{"source": "bugreport@qualys.com", "tags": ["Product"], "url": "https://www.qualys.com/security-advisories/"}], "sourceIdentifier": "bugreport@qualys.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "bugreport@qualys.com", "type": "Secondary"}]}