
209 matches found

CVE
added 2023/04/12 5:5 p.m. · 58 views

CVE-2023-30517

CVE-2023-30517 affects Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier. The root cause is that the plugin unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server, exposing clients to potential inte...

5.3 CVSS · 5.1 AI score · 0.00039 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/04/12 5:5 p.m. · 5 views

CVE-2023-30517

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server...

7 AI score · 0.00039 EPSS
Exploits 0 · References 2

Cvelist
added 2023/04/12 5:5 p.m. · 13 views

CVE-2023-30517

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server...

5.4 AI score · 0.00039 EPSS
Exploits 0 · References 2

CNNVD
added 2023/04/12 12:0 a.m. · 4 views

Jenkins Plugin NeuVector Vulnerability Scanner trust management issue vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

5.3 CVSS · 5.7 AI score · 0.00039 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/04/12 12:0 a.m. · 2 views

PT-2023-2501 · Jenkins · Jenkins Neuvector Vulnerability Scanner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NeuVector Vulnerability Scanner Plugin versions 1.22 and earlier Description: The issue is related to improper SSL/TLS certificate authentication. It may allow a remote attacker to gain unauthorized access to protected information. Th...

6.4 CVSS · 7 AI score · 0.00039 EPSS
Exploits 0 · References 9

OSV
added 2022/10/19 7:0 p.m. · 24 views

GHSA-WMFH-H3VM-RCXM Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. NeuVector Vulnerability Scanner Plugin 1.20 and earlier globally disables the...

8 CVSS · 5.3 AI score · 0.01107 EPSS
Exploits 0 · References 5

Github Security Blog
added 2022/10/19 7:0 p.m. · 23 views

Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. NeuVector Vulnerability Scanner Plugin 1.20 and earlier globally disables the...

5.3 CVSS · 5.3 AI score · 0.01107 EPSS
Exploits 0 · References 5 · Affected Software 1

NVD
added 2022/10/19 4:15 p.m. · 17 views

CVE-2022-43434

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.3 CVSS · 0.01107 EPSS
Exploits 0 · References 2

OSV
added 2022/10/19 4:15 p.m. · 4 views

CVE-2022-43434

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.3 CVSS · 5.8 AI score · 0.01107 EPSS
Exploits 0 · References 2

Prion
added 2022/10/19 4:15 p.m. · 21 views

Design/Logic Flaw

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5 CVSS · 5.2 AI score · 0.01107 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/10/19 12:0 a.m. · 22 views

CVE-2022-43434

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.5 AI score · 0.01107 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/10/19 12:0 a.m. · 4 views

PT-2022-26918 · Jenkins · Jenkins Neuvector Vulnerability Scanner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NeuVector Vulnerability Scanner Plugin versions 1.20 and earlier Description: The issue allows cross-site scripting (XSS) attacks by users with the ability to control files in workspaces, archived artifacts, etc. This is because the...

8 CVSS · 5 AI score · 0.01107 EPSS
Exploits 0 · References 7

Vulnrichment
added 2022/10/19 12:0 a.m. · 6 views

CVE-2022-43434

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.2 AI score · 0.01107 EPSS
Exploits 0 · References 2

CNNVD
added 2022/10/19 12:0 a.m. · 1 views

Jenkins NeuVector Vulnerability Scanner Plugin security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

5.3 CVSS · 5.8 AI score · 0.01107 EPSS
Exploits 0 · References 5

CVE
added 2022/10/19 12:0 a.m. · 81 views

CVE-2022-43434

CVE-2022-43434 affects Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier. The issue: the plugin programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, and other Jenkins download surfaces, enabling potential cross-si...

5.3 CVSS · 5.2 AI score · 0.01107 EPSS
Exploits 0 · References 2 · Affected Software 1

Github Security Blog
added 2022/05/24 10:0 p.m. · 23 views

Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

5.5 CVSS · 6.5 AI score · 0.00011 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/05/24 10:0 p.m. · 10 views

GHSA-3FPX-G9H3-HH8X Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

5.5 CVSS · 5.3 AI score · 0.00011 EPSS
Exploits 0 · References 3

CNVD
added 2019/12/23 12:0 a.m. · 1 views

NeuVector Authentication Vulnerability

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A security vulnerability exists in NeuVector version 3.1. The vulnerability can be...

9.8 CVSS · 6.8 AI score · 0.00484 EPSS
Exploits 1 · References 1

NVD
added 2019/12/20 5:15 p.m. · 7 views

CVE-2019-19747

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...

9.8 CVSS · 9.7 AI score · 0.00484 EPSS
Exploits 1 · References 2

OSV
added 2019/12/20 5:15 p.m. · 4 views

CVE-2019-19747

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...

9.8 CVSS · 7.3 AI score · 0.00484 EPSS
Exploits 1 · References 2