209 matches found
CVE-2023-49673
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...
Jenkins NeuVector Vulnerability Scanner Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Jenkins plugins Multiple Vulnerabilities (2023-11-29)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Medium Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped...
Jenkins Plugin NeuVector Vulnerability Scanner Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-31283 · Jenkins · Jenkins Neuvector Vulnerability Scanner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NeuVector Vulnerability Scanner Plugin versions 1.22 and earlier. Description: A cross-site request forgery (CSRF) vulnerability exists due to the lack of permission checks in a connection test HTTP endpoint, allowing attackers with...
Authentication Bypass
neuvector is vulnerable to Authentication Bypass. An attacker can reverse engineer a JWT token, forging a valid token to perform malicious activity. This can lead to RCE...
SUSE CVE-2023-32188
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...
GHSA-622H-H2P8-743X vulnerabilities
Vulnerabilities for packages: neuvector-controller...
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Impact: A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. Patches: Upgrade to NeuVector version 5.2.2 or later and latest Helm chart 2.6.3+....
GHSA-622H-H2P8-743X JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Impact: A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. Patches: Upgrade to NeuVector version 5.2.2 or later and latest Helm chart 2.6.3+....
PT-2023-23657 · Neuvector · Neuvector
Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 5.2.2. Description: A user can reverse engineer the JSON Web Token (JWT) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector, potentially leadi...
CVE-2023-22644
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...
The vulnerability of the Jenkins NeuVector Vulnerability Scanner Plugin, related to improper verification of SSL/TLS certificates, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Jenkins NeuVector Vulnerability Scanner Plugin is related to improper verification of the authenticity of SSL/TLS certificates. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....
GHSA-R3MM-V4X7-2PHM Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server...
Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server...
CVE-2023-30517
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server...
Input validation
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server...