Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.qualys.plugins/qualys-pc@1.0.6
Typemaven
Namespacecom.qualys.plugins
Namequalys-pc
Version1.0.6
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-fz2j-cqqt-jfcz
vulnerability_id VCID-fz2j-cqqt-jfcz
summary Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6148
reference_id
reference_type
scores
0
value 0.00467
scoring_system epss
scoring_elements 0.64912
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6148
1
reference_url https://github.com/jenkinsci/qualys-pc-plugin
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/qualys-pc-plugin
2
reference_url https://www.qualys.com/security-advisories
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.qualys.com/security-advisories
3
reference_url https://www.qualys.com/security-advisories/cve-2023-6148
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.qualys.com/security-advisories/cve-2023-6148
4
reference_url http://www.openwall.com/lists/oss-security/2024/01/24/6
reference_id 6
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:23:49Z/
url http://www.openwall.com/lists/oss-security/2024/01/24/6
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6148
reference_id CVE-2023-6148
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6148
6
reference_url https://www.qualys.com/security-advisories/cve-2023-6148/
reference_id CVE-2023-6148
reference_type
scores
url https://www.qualys.com/security-advisories/cve-2023-6148/
7
reference_url https://github.com/advisories/GHSA-rwf9-8fqr-p44m
reference_id GHSA-rwf9-8fqr-p44m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rwf9-8fqr-p44m
8
reference_url https://www.qualys.com/security-advisories/
reference_id security-advisories
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:23:49Z/
url https://www.qualys.com/security-advisories/
fixed_packages
0
url pkg:maven/com.qualys.plugins/qualys-pc@1.0.6
purl pkg:maven/com.qualys.plugins/qualys-pc@1.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.qualys.plugins/qualys-pc@1.0.6
aliases CVE-2023-6148, GHSA-rwf9-8fqr-p44m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fz2j-cqqt-jfcz
1
url VCID-yxjp-tfz6-zbdq
vulnerability_id VCID-yxjp-tfz6-zbdq
summary Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure potential a rouge endpoint via which it was possible to control response for certain request which could be injected with XXE payloads leading to XXE while processing the response data
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6147
reference_id
reference_type
scores
0
value 0.00231
scoring_system epss
scoring_elements 0.4607
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6147
1
reference_url https://github.com/jenkinsci/qualys-pc-plugin
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/qualys-pc-plugin
2
reference_url https://plugins.jenkins.io/qualys-pc
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://plugins.jenkins.io/qualys-pc
3
reference_url https://plugins.jenkins.io/qualys-pc/
reference_id
reference_type
scores
url https://plugins.jenkins.io/qualys-pc/
4
reference_url https://www.qualys.com/security-advisories
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.qualys.com/security-advisories
5
reference_url https://www.qualys.com/security-advisories/cve-2023-6147
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.qualys.com/security-advisories/cve-2023-6147
6
reference_url http://www.openwall.com/lists/oss-security/2024/01/24/6
reference_id 6
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T16:33:03Z/
url http://www.openwall.com/lists/oss-security/2024/01/24/6
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6147
reference_id CVE-2023-6147
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6147
8
reference_url https://www.qualys.com/security-advisories/cve-2023-6147/
reference_id CVE-2023-6147
reference_type
scores
url https://www.qualys.com/security-advisories/cve-2023-6147/
9
reference_url https://github.com/advisories/GHSA-8525-52vg-jv6v
reference_id GHSA-8525-52vg-jv6v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8525-52vg-jv6v
10
reference_url https://www.qualys.com/security-advisories/
reference_id security-advisories
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-14T16:33:03Z/
url https://www.qualys.com/security-advisories/
fixed_packages
0
url pkg:maven/com.qualys.plugins/qualys-pc@1.0.6
purl pkg:maven/com.qualys.plugins/qualys-pc@1.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.qualys.plugins/qualys-pc@1.0.6
aliases CVE-2023-6147, GHSA-8525-52vg-jv6v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yxjp-tfz6-zbdq
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.qualys.plugins/qualys-pc@1.0.6