Jenkins Neuvector_vulnerability_scanner
5 CVEs affecting Jenkins Neuvector_vulnerability_scanner. Latest disclosed: 2023-11-29. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-49673 | High | 8.8 | 2023-11-29 | A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker… |
CVE-2019-10430 | Medium | 5.5 | 2019-09-25 | Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they… |
CVE-2023-30517 | Medium | 5.3 | 2023-04-12 | Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a confi… |
CVE-2022-43434 | Medium | 5.3 | 2022-10-19 | Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in work… |
CVE-2023-49674 | Medium | 4.3 | 2023-11-29 | A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an at… |