Jenkins NeuVector Vulnerability Scanner Plugin 1.22 Remote Credential Leak
CVE-2023-49674 Published on November 29, 2023

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

Vendor Advisory NVD

Products Associated with CVE-2023-49674

Want to know whenever a new CVE is published for Jenkins Neuvector Scanner? stack.watch will email you.

Jenkins Neuvector Scanner

Affected Versions

Jenkins Project Jenkins NeuVector Vulnerability Scanner Plugin:

Before and including 1.22 is affected.

Exploit Probability

EPSS

0.04%

Percentile

10.53%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 Remote Credential LeakCVE-2023-49674 Published on November 29, 2023

Products Associated with CVE-2023-49674

Affected Versions

Exploit Probability

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 Remote Credential Leak
CVE-2023-49674 Published on November 29, 2023