CVE-2023-49673
- EPSS 0.07%
- Published 29.11.2023 14:15:07
- Last modified 21.11.2024 08:33:40
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
CVE-2023-49674
- EPSS 0.04%
- Published 29.11.2023 14:15:07
- Last modified 21.11.2024 08:33:41
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
CVE-2023-30517
- EPSS 0.03%
- Published 12.04.2023 18:15:09
- Last modified 07.02.2025 19:15:23
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.
CVE-2022-43434
- EPSS 0.96%
- Published 19.10.2022 16:15:12
- Last modified 08.05.2025 19:15:56
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CVE-2019-10430
- EPSS 0.03%
- Published 25.09.2019 16:15:12
- Last modified 21.11.2024 04:19:07
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.