CSRF Vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin
CVE-2023-49673

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Neuvector Vulnerability Scanner Plugin
Vendor: CVE Published:; 29 November 2023

Summary

A cross-site request forgery vulnerability exists in the Jenkins NeuVector Vulnerability Scanner Plugin, which may allow attackers to manipulate the application by sending unauthorized commands. An attacker can exploit this vulnerability to connect to a specified hostname and port, using custom credentials provided by them. This type of attack can lead to significant security issues if not mitigated. Proper validation and implementation of security measures are crucial to safeguard against such vulnerabilities.

Affected Version(s)

Jenkins NeuVector Vulnerability Scanner Plugin 0 <= 1.22

References

https://www.jenkins.io/security/advisory/2023-11-29/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/11/29/1

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2023
Vulnerability Reserved
Nov 29, 2023