Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2023-49674

Disclosure Date: November 29, 2023 (last updated December 06, 2023)
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
Attacker Value
Unknown

CVE-2023-49673

Disclosure Date: November 29, 2023 (last updated December 06, 2023)
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
Attacker Value
Unknown

CVE-2023-30517

Disclosure Date: April 12, 2023 (last updated October 08, 2023)
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.
Attacker Value
Unknown

CVE-2022-43434

Disclosure Date: October 19, 2022 (last updated October 25, 2023)
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
Attacker Value
Unknown

CVE-2019-10430

Disclosure Date: September 25, 2019 (last updated October 26, 2023)
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.