Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown
CVE-2023-49674
Disclosure Date: November 29, 2023 (last updated December 06, 2023)
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
0
Attacker Value
Unknown
CVE-2023-49673
Disclosure Date: November 29, 2023 (last updated December 06, 2023)
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
0
Attacker Value
Unknown
CVE-2023-30517
Disclosure Date: April 12, 2023 (last updated October 08, 2023)
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.
0
Attacker Value
Unknown
CVE-2022-43434
Disclosure Date: October 19, 2022 (last updated October 25, 2023)
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
0
Attacker Value
Unknown
CVE-2019-10430
Disclosure Date: September 25, 2019 (last updated October 26, 2023)
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
0