CVE-2023-30517

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.

Published: Apr 12, 2023
Updated: May 9, 2024
CVE: CVE-2023-30517
GHSA: GHSA-r3mm-v4x7-2phm
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
io.jenkins.plugins / neuvector-vulnerability-scanner	-	1.22.x
jenkins / neuvector_vulnerability_scanner	-	1.22.x

http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2841

Vulnerability Database

290,206

CVE-2023-30517