{"vulnerability": "ghsa-rwf9-8fqr-p44m", "sightings": [{"uuid": "46984e48-002f-4b47-98c0-de1f29326160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-RWF9-8FQR-P44M", "type": "seen", "source": "https://t.me/arpsyndicate/3150", "content": "#ExploitObserverAlert\n\nGHSA-rwf9-8fqr-p44m\n\nDESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-rwf9-8fqr-p44m. Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rogue endpoint via which\u00a0it was possible to control response for certain request which could be injected with XSS payloads leading to XSS\u00a0while processing the response data.", "creation_timestamp": "2024-01-28T01:29:27.000000Z"}]}