209 matches found
CVE-2023-32188 JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...
CVE-2023-32188 JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...
NeuVector security vulnerability
NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A security vulnerability exists in previous versions of NeuVector...
GO-2024-3201 JWT token compromise can allow malicious actions including Remote Code Execution (RCE) in github.com/neuvector/neuvector
JWT token compromise can allow malicious actions including Remote Code Execution (RCE) in github.com/neuvector/neuvector...
GHSA-JFVP-7X6P-H2PV vulnerabilities
Vulnerabilities for packages: k8s-device-plugin, podman, grafana-alloy, runc, ctop, kubernetes, docker, grype, k3s, neuvector-scanner, opentelemetry-collector-contrib, cadvisor, buildah, syft...
CVE-2024-45310 vulnerabilities
Vulnerabilities for packages: k8s-device-plugin, podman, grafana-alloy, runc, ctop, kubernetes, docker, grype, k3s, neuvector-scanner, opentelemetry-collector-contrib, cadvisor, buildah, syft...
GHSA-V23V-6JW2-98FQ vulnerabilities
Vulnerabilities for packages: up, cilium-cli, timoni, kots, harbor-scanner-trivy, kargo, opentelemetry-collector-contrib, melange, eksctl, k8sgpt, falcoctl, newrelic-infrastructure-agent, opentelemetry-collector-contrib-fips, cert-manager-cmctl-fips, prometheus, helm-operator-fips, harbor,...
GHSA-PH87-4X2G-6HP4 Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
GHSA-WPFC-R5QQ-7R7P Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-49674
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-49674
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-49673
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-49673
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...
Default credentials
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-49674
CVE-2023-49674 affects Jenkins NeuVector Vulnerability Scanner Plugin ≤ 1.22. A missing permission check in a connection test HTTP endpoint (and CSRF-vulnerable behavior) lets attackers with Overall/Read connect to an attacker-specified hostname and port using attacker-specified credentials, pote...
CVE-2023-49674
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-49673
CVE-2023-49673 is a CSRF vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin (1.22 and earlier). Exploitation allows an attacker with basic access to trigger connections to an attacker-controlled hostname/port using attacker-supplied credentials via a crafted request. Red Hat and GitH...