CVE-2023-49673
published 2023-11-29CVE-2023-49673: A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | google_compute_engine | < 4.551.0 | 4.551.0 |
| jenkins | google_compute_engine_plugin | — | — |
| jenkins | jira | < 3.1.2 | 3.1.2 |
| jenkins | jira_plugin | — | — |
| jenkins | matlab | < 2.11.1 | 2.11.1 |
| jenkins | matlab_plugin | — | — |
| jenkins | neuvector_vulnerability_scanner | < 2.2 | 2.2 |
| jenkins_project | jenkins_neuvector_vulnerability_scanner_plugin | <= 1.22 | — |