Jenkins Neuvector Scanner

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Jenkins Neuvector Scanner.

By the Year

In 2026 there have been 0 vulnerabilities in Jenkins Neuvector Scanner. Neuvector Scanner did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	0	0.00
2024	0	0.00
2023	3	6.13
2022	1	5.30
2021	0	0.00
2020	0	0.00
2019	1	5.50

It may take a day or so for new Neuvector Scanner vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Neuvector Scanner Security Vulnerabilities

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 Remote Credential Leak
CVE-2023-49674 4.3 - Medium - November 29, 2023

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

AuthZ

CSRF in Jenkins NeuVector Vulnerability Scanner Plugin <=1.22
CVE-2023-49673 8.8 - High - November 29, 2023

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

Session Riding

Jenkins NeuVector Scanner Plugin <=1.22 Disables SSL/TLS Cert/Host Validation
CVE-2023-30517 5.3 - Medium - April 12, 2023

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.

Improper Certificate Validation

CVE-2022-43434: Jenkins NeuVector Scanner Plugin before 1.20 CSP bypass
CVE-2022-43434 5.3 - Medium - October 19, 2022

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.

Jenkins NeuVector Vulnerability S
CVE-2019-10430 5.5 - Medium - September 25, 2019

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Cleartext Storage of Sensitive Information

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Neuvector Scanner or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Neuvector Scanner
Product

Jenkins Neuvector Scanner

Don't miss out!

By the Year

Recent Jenkins Neuvector Scanner Security Vulnerabilities

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 Remote Credential Leak CVE-2023-49674 4.3 - Medium - November 29, 2023

CSRF in Jenkins NeuVector Vulnerability Scanner Plugin <=1.22 CVE-2023-49673 8.8 - High - November 29, 2023

Jenkins NeuVector Scanner Plugin <=1.22 Disables SSL/TLS Cert/Host Validation CVE-2023-30517 5.3 - Medium - April 12, 2023

CVE-2022-43434: Jenkins NeuVector Scanner Plugin before 1.20 CSP bypass CVE-2022-43434 5.3 - Medium - October 19, 2022

Jenkins NeuVector Vulnerability S CVE-2019-10430 5.5 - Medium - September 25, 2019