Neuvector Vulnerability Scanner Security Vulnerabilities and Issues — Neuvector Vulnerability Scanner CVE List

Lucene search

JenkinsNeuvector Vulnerability Scanner

5 matches found

CVE•added 2022/10/19 4:15 p.m.•68 views

CVE-2022-43434

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.

5.3CVSS5.2AI score0.00139EPSS

CVE•added 2023/11/29 2:15 p.m.•57 views

CVE-2023-49673

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

8.8CVSS8.6AI score0.00074EPSS

CVE•added 2023/04/12 6:15 p.m.•43 views

CVE-2023-30517

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.

5.3CVSS5.1AI score0.00022EPSS

CVE•added 2019/09/25 4:15 p.m.•40 views

CVE-2019-10430

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

5.5CVSS5.3AI score0.00032EPSS

CVE•added 2023/11/29 2:15 p.m.•40 views

CVE-2023-49674

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

4.3CVSS4.4AI score0.00036EPSS