Lucene search
GitHub Advisory DatabaseGHSA-R3MM-V4X7-2PHMHistoryApr 12, 2023 - 6:30 p.m.
Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation
2023-04-1218:30:37
CWE-295
GitHub Advisory Database
github.com
14
jenkins
neuvector
vulnerability scanner
ssl/tls
certificate
hostname
validation
software
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
25.7%
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.
Affected configurations
Node
io.jenkins.pluginsneuvector-vulnerability-scannerRange≤1.22
| Vendor | Product | Version | CPE |
|---|---|---|---|
| io.jenkins.plugins | neuvector-vulnerability-scanner | * | cpe:2.3:a:io.jenkins.plugins:neuvector-vulnerability-scanner:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-30517
2023-04-12 17:05:08
osv
osv
prion
prion
Input validation
2023-04-12 18:15:00
nvd
nvd
CVE-2023-30517
2023-04-12 18:15:09
cve
cve
CVE-2023-30517
2023-04-12 18:15:09
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
25.7%
Related for GHSA-R3MM-V4X7-2PHM