Lucene search

[email protected]CVE-2023-49674

HistoryNov 29, 2023 - 2:15 p.m.

CVE-2023-49674

2023-11-2914:15:07

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-49674

jenkins

neuvector

vulnerability scanner plugin

permission check

overall/read

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.9 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

12.4%

JSON

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

CPENameOperatorVersion
jenkins:neuvector_vulnerability_scannerjenkins neuvector vulnerability scannerle1.22
jenkins:neuvector_vulnerability_scannerjenkins neuvector vulnerability scannereq1.12
jenkins:neuvector_vulnerability_scannerjenkins neuvector vulnerability scannereq1.17
jenkins:neuvector_vulnerability_scannerjenkins neuvector vulnerability scannereq1.0
jenkins:neuvector_vulnerability_scannerjenkins neuvector vulnerability scannereq1.11
jenkins:neuvector_vulnerability_scannerjenkins neuvector vulnerability scannereq1.13
jenkins:neuvector_vulnerability_scannerjenkins neuvector vulnerability scannereq1.7.1
jenkins:neuvector_vulnerability_scannerjenkins neuvector vulnerability scannereq1.20
jenkins:neuvector_vulnerability_scannerjenkins neuvector vulnerability scannereq1.8.1
jenkins:neuvector_vulnerability_scannerjenkins neuvector vulnerability scannereq1.5

CPE	Name	Operator	Version
jenkins:neuvector_vulnerability_scanner	jenkins neuvector vulnerability scanner	le	1.22
jenkins:neuvector_vulnerability_scanner	jenkins neuvector vulnerability scanner	eq	1.12
jenkins:neuvector_vulnerability_scanner	jenkins neuvector vulnerability scanner	eq	1.17
jenkins:neuvector_vulnerability_scanner	jenkins neuvector vulnerability scanner	eq	1.0
jenkins:neuvector_vulnerability_scanner	jenkins neuvector vulnerability scanner	eq	1.11
jenkins:neuvector_vulnerability_scanner	jenkins neuvector vulnerability scanner	eq	1.13
jenkins:neuvector_vulnerability_scanner	jenkins neuvector vulnerability scanner	eq	1.7.1
jenkins:neuvector_vulnerability_scanner	jenkins neuvector vulnerability scanner	eq	1.20
jenkins:neuvector_vulnerability_scanner	jenkins neuvector vulnerability scanner	eq	1.8.1
jenkins:neuvector_vulnerability_scanner	jenkins neuvector vulnerability scanner	eq	1.5

Rows per page:

1-10 of 261

References

www.openwall.com/lists/oss-security/2023/11/29/1

www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.9 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

12.4%

JSON

Related for CVE-2023-49674

osv1 cvelist1 prion1 github1 nessus1