Lucene search
K

232 matches found

CNVD
CNVD
added 2019/12/23 12:0 a.m.2 views

NeuVector Authentication Vulnerability

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A security vulnerability exists in NeuVector version 3.1. The vulnerability can be...

9.8CVSS6.8AI score0.01393EPSS
Exploits1References1
OSV
OSV
added 2019/12/20 5:15 p.m.5 views

CVE-2019-19747

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...

9.8CVSS7.3AI score0.01393EPSS
Exploits1References2
NVD
NVD
added 2019/12/20 5:15 p.m.18 views

CVE-2019-19747

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...

9.8CVSS9.7AI score0.01393EPSS
Exploits1References2
Prion
Prion
added 2019/12/20 5:15 p.m.14 views

Authentication flaw

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...

7.5CVSS9.5AI score0.01393EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/12/20 4:41 p.m.20 views

CVE-2019-19747

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...

9.7AI score0.01393EPSS
Exploits1References2
CVE
CVE
added 2019/12/20 4:41 p.m.84 views

CVE-2019-19747

NeuVector 3.1 authentication flaw: when configured to use Active Directory, empty passwords are not rejected, letting an attacker with portal access authenticate as any LDAP user if the AD server allows empty passwords. The issue is rooted in not enforcing non-empty passwords during AD login; CVS...

9.8CVSS9.5AI score0.01393EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2019/09/25 4:15 p.m.29 views

CVE-2019-10430

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

5.5CVSS5.4AI score0.00252EPSS
Exploits0References2
OSV
OSV
added 2019/09/25 4:15 p.m.3 views

CVE-2019-10430

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

5.5CVSS6.1AI score0.00252EPSS
Exploits0References2
Prion
Prion
added 2019/09/25 4:15 p.m.19 views

Design/Logic Flaw

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

2.1CVSS5.4AI score0.00252EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/09/25 3:5 p.m.31 views

CVE-2019-10430

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

5.3AI score0.00252EPSS
Exploits0References2
CVE
CVE
added 2019/09/25 3:5 p.m.56 views

CVE-2019-10430

CVE-2019-10430 affects the Jenkins NeuVector Vulnerability Scanner Plugin (versions 1.5 and earlier). The root cause is that credentials are stored unencrypted in the plugin’s global configuration file on the Jenkins master, which could be viewed by users with access to the master file system. Im...

5.5CVSS5.3AI score0.00252EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/09/25 12:0 a.m.4 views

PT-2019-11824 · Jenkins · Jenkins Neuvector Vulnerability Scanner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NeuVector Vulnerability Scanner Plugin versions 1.5 and earlier Description: The issue allows stored credentials to be viewed unencrypted in the global configuration file on the Jenkins master by users with access to the master file...

5.5CVSS5.3AI score0.00252EPSS
Exploits0References5
Rows per page
Query Builder