Jenkins Neuvector Scanner

Do you want an email whenever new security vulnerabilities are reported in Jenkins Neuvector Scanner?

By the Year

In 2024 there have been 0 vulnerabilities in Jenkins Neuvector Scanner . Last year Neuvector Scanner had 3 security vulnerabilities published. Right now, Neuvector Scanner is on track to have less security vulnerabilities in 2024 than it did last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	3	6.13
2022	1	5.30
2021	0	0.00
2020	0	0.00
2019	1	5.50
2018	0	0.00

It may take a day or so for new Neuvector Scanner vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Neuvector Scanner Security Vulnerabilities

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier

CVE-2023-49674 4.3 - Medium - November 29, 2023

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

AuthZ

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier

CVE-2023-49673 8.8 - High - November 29, 2023

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

Session Riding

Jenkins NeuVector Vulnerability S

CVE-2023-30517 5.3 - Medium - April 12, 2023

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.

Improper Certificate Validation

Jenkins NeuVector Vulnerability S

CVE-2022-43434 5.3 - Medium - October 19, 2022

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.

Jenkins NeuVector Vulnerability S

CVE-2019-10430 5.5 - Medium - September 25, 2019

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Cleartext Storage of Sensitive Information

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Neuvector Scanner or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Neuvector Scanner
Product

Jenkins Neuvector Scanner

By the Year

Recent Jenkins Neuvector Scanner Security Vulnerabilities

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier CVE-2023-49674 4.3 - Medium - November 29, 2023

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier CVE-2023-49673 8.8 - High - November 29, 2023

Jenkins NeuVector Vulnerability S CVE-2023-30517 5.3 - Medium - April 12, 2023

Jenkins NeuVector Vulnerability S CVE-2022-43434 5.3 - Medium - October 19, 2022

Jenkins NeuVector Vulnerability S CVE-2019-10430 5.5 - Medium - September 25, 2019