CVE-2023-30517
Published 2023-04-12
Medium 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | assembla_merge_request_builder_plugin | — | — |
| jenkins | azure_key_vault_plugin | — | — |
| jenkins | consul_kv_builder_plugin | — | — |
| jenkins | delinea_secret_server_platform_plugin | — | — |
| jenkins | fogbugz_plugin | — | — |
| jenkins | image_tag_parameter_plugin | — | — |
| jenkins | kubernetes_plugin | — | — |
| jenkins | lack_of_authentication_mechanism_in_fogbugz_plugin | — | — |
| jenkins | lack_of_authentication_mechanism_in_turboscript_plugin | — | — |
| jenkins | lucene-search_plugin | — | — |
| jenkins | neuvector_vulnerability_scanner | <= 1.22 | — |
| jenkins | quay.io_trigger_plugin | — | — |
| jenkins | report_portal_plugin | — | — |
| jenkins | thycotic_devops_secrets_vault_plugin | — | — |
| jenkins | turboscript_plugin | — | — |
| jenkins_project | jenkins_neuvector_vulnerability_scanner_plugin | <= 1.22 | — |