4 matches found
CVE-2023-49674
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2023-49674
CVE-2023-49674 affects Jenkins NeuVector Vulnerability Scanner Plugin ≤ 1.22. A missing permission check in a connection test HTTP endpoint (and CSRF-vulnerable behavior) lets attackers with Overall/Read connect to an attacker-specified hostname and port using attacker-specified credentials, pote...
CVE-2023-49674
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
Jenkins plugins Multiple Vulnerabilities (2023-11-29)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Medium Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped...