ByteOS Network

CVE Vulnerability Details :

CVE-2023-30517

PUBLISHED

More Info Official Page

Assigner-jenkins

Assigner Org ID-39769cd5-e6e2-4dc8-927e-97b3aa056f5b

Published At-12 Apr, 2023 | 17:05

Updated At-07 Feb, 2025 | 18:08

▼CVE Numbering Authority (CNA)

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.

Affected Products

Vendor

Jenkins

Product

Jenkins NeuVector Vulnerability Scanner Plugin

Default Status

unknown

Versions

Affected

From 0 through 1.22 (maven)

References

Hyperlink	Resource
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2841	vendor-advisory
http://www.openwall.com/lists/oss-security/2023/04/13/3	N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2841	vendor-advisory x_transferred
http://www.openwall.com/lists/oss-security/2023/04/13/3	x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-295	CWE-295 Improper Certificate Validation

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References