232 matches found
NeuVector Authentication Vulnerability
NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A security vulnerability exists in NeuVector version 3.1. The vulnerability can be...
CVE-2019-19747
NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...
CVE-2019-19747
NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...
Authentication flaw
NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...
CVE-2019-19747
NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password provided that the active directo...
CVE-2019-19747
NeuVector 3.1 authentication flaw: when configured to use Active Directory, empty passwords are not rejected, letting an attacker with portal access authenticate as any LDAP user if the AD server allows empty passwords. The issue is rooted in not enforcing non-empty passwords during AD login; CVS...
CVE-2019-10430
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10430
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10430
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10430
CVE-2019-10430 affects the Jenkins NeuVector Vulnerability Scanner Plugin (versions 1.5 and earlier). The root cause is that credentials are stored unencrypted in the plugin’s global configuration file on the Jenkins master, which could be viewed by users with access to the master file system. Im...
PT-2019-11824 · Jenkins · Jenkins Neuvector Vulnerability Scanner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NeuVector Vulnerability Scanner Plugin versions 1.5 and earlier Description: The issue allows stored credentials to be viewed unencrypted in the global configuration file on the Jenkins master by users with access to the master file...