Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data.
{
"github_reviewed_at": "2024-01-12T23:22:11Z",
"nvd_published_at": "2024-01-09T09:15:42Z",
"github_reviewed": true,
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE"
}