Default credentials

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

GHSA-WMFH-H3VM-RCXM Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. NeuVector Vulnerability Scanner Plugin 1.20 and earlier globally disables the...