NeuVector Vulnerability Scanner Plugin

Source repositories

https://github.com/jenkinsci/neuvector-vulnerability-scanner-plugin

CVEs (5)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2023-49674	Jenkins Project NeuVector Vulnerability Scanner Plugin	—	0.00	Nov 29, 2023	A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
CVE-2023-49673	Jenkins Project NeuVector Vulnerability Scanner Plugin	—	0.00	Nov 29, 2023	A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
CVE-2023-30517	Jenkins Project NeuVector Vulnerability Scanner Plugin	—	0.00	Apr 12, 2023	Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.
CVE-2022-43434	Jenkins Project NeuVector Vulnerability Scanner Plugin	—	0.01	Oct 19, 2022	Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CVE-2019-10430	Jenkins Project NeuVector Vulnerability Scanner Plugin	—	0.00	Sep 25, 2019	Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

CVE-2023-49674Nov 29, 2023
Jenkins Project
NeuVector Vulnerability Scanner Plugin
risk 0.00cvss —epss 0.00
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
CVE-2023-49673Nov 29, 2023
Jenkins Project
NeuVector Vulnerability Scanner Plugin
risk 0.00cvss —epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
CVE-2023-30517Apr 12, 2023
Jenkins Project
NeuVector Vulnerability Scanner Plugin
risk 0.00cvss —epss 0.00
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.
CVE-2022-43434Oct 19, 2022
Jenkins Project
NeuVector Vulnerability Scanner Plugin
risk 0.00cvss —epss 0.01
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CVE-2019-10430Sep 25, 2019
Jenkins Project
NeuVector Vulnerability Scanner Plugin
risk 0.00cvss —epss 0.00
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.