January 30, 2023
Severity
Medium
Analysis Summary
CVE-2023-24452 CVSS:4.3
Jenkins TestQuality Updater Plugin is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to connect to an attacker-specified URL. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-24453 CVSS:4.3
Jenkins TestQuality Updater Plugin could allow a remote authenticated attacker to bypass security restrictions, caused by a missing permission check in a method implementing form validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to connect to an attacker-specified URL.
CVE-2023-24454 CVSS:3.3
Jenkins TestQuality Updater Plugin could allow a local authenticated attacker to obtain sensitive information, caused by a password being stored unencrypted in its global configuration file. By gaining access to the global configuration file, an attacker could exploit this vulnerability to obtain the password and use it to launch further attacks against the affected system.
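As an added check (not the advisory's or Jenkins' own code) for the plaintext-password weakness described under CVE-2023-24454, the following Python script flags password-like elements in a Jenkins global configuration XML that are not stored in Jenkins' Secret-encrypted form. The descriptor element names and the sample configuration are constructed for illustration, and the `{base64}` shape of serialised Secrets is an assumption about how Jenkins writes encrypted fields.

```python
"""Audit a Jenkins global configuration XML for passwords stored in the clear."""
import re
import xml.etree.ElementTree as ET

# Assumption: Jenkins serialises hudson.util.Secret fields as '{' + base64 + '}'.
# Anything else in a password-like element is plaintext on disk.
_ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/]+={0,2}\}$")

# Element-name suffixes treated as sensitive (case-insensitive).
_SENSITIVE_SUFFIXES = ("password", "apikey", "token", "secret")

# Constructed sample; the descriptor element name is NOT the real plugin's.
SAMPLE_CONFIG = """<io.example.testquality.Config>
  <url>https://testquality.example.invalid</url>
  <username>ci-bot</username>
  <password>hunter2</password>
  <apiToken>{AQAAABAAAAAQ6w0M7Pjq8Wn9e6Yq2m3fF1Z2tQ0xXz8t7lM7YJqG8kA=}</apiToken>
</io.example.testquality.Config>
"""


def is_encrypted_secret(value: str) -> bool:
    """True if the value has the shape of a Jenkins-encrypted Secret."""
    return bool(_ENCRYPTED_SECRET.match(value.strip()))


def find_plaintext_secrets(xml_text: str) -> list:
    """Return the tag names of sensitive elements whose value is not encrypted."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        tag = elem.tag.lower()
        if not any(tag.endswith(suffix) for suffix in _SENSITIVE_SUFFIXES):
            continue
        text = (elem.text or "").strip()
        if text and not is_encrypted_secret(text):
            findings.append(elem.tag)
    return findings


if __name__ == "__main__":
    for tag in find_plaintext_secrets(SAMPLE_CONFIG):
        print(f"plaintext credential stored in <{tag}>")
```

Run it against each `<descriptor>.xml` under `$JENKINS_HOME` to locate plugin configurations that still hold credentials in clear text.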
Impact
- Security Bypass
- Information Disclosure
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2023-24452
- CVE-2023-24453
- CVE-2023-24454
Affected Vendors
Jenkins
Affected Products
- Jenkins TestQuality Updater Plugin 1.3
Remediation
Refer to the Jenkins Security Advisory for patch, upgrade or suggested workaround information.