Jenkins neuvector vulnerability scanner plugin

This hub aggregates every CVE we track for Jenkins neuvector vulnerability scanner plugin, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 5 most recently published vulnerabilities affecting Jenkins neuvector vulnerability scanner plugin.

• CVE-2023-49674A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port usi...4.3Nov 29, 2023
• CVE-2023-49673A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using att...8.8Nov 29, 2023
• CVE-2023-30517Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner ...5.3Apr 12, 2023
• CVE-2022-43434Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that ...5.3Oct 19, 2022
• CVE-2019-10430Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access ...5.5Sep 25, 2019