CVE-2023-49674: A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an…

medium4.3CVSS 3.1

AVNACLPRLUINSUCNILAN

A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

Affected

5 ranges

Vendor	Product	Version range	Fixed in
jenkins	google_compute_engine_plugin	—	—
jenkins	jira_plugin	—	—
jenkins	matlab_plugin	—	—
jenkins	neuvector_vulnerability_scanner	<= 1.22	—
jenkins_project	jenkins_neuvector_vulnerability_scanner_plugin	<= 1.22	—