CVE-2023-49673

CVSS v3.1 8.8 (High)

EPSS 0.06 % (25^th)

Affected Products 4

Advisories 2

NVD Status Modified

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

Weaknesses

CWE-352: Cross-Site Request Forgery (CSRF)

CVE Status: PUBLISHED
NVD Status: Modified
CNA: Jenkins Project
Published Date: 2023-11-29 14:15:07
(9 months ago)
Updated Date: 2024-08-01 13:45:13
(6 weeks ago)

Affected Products

Jenkins

Configuration #1

		CPE23	From	Up To
	Jenkins Neuvector Vulnerability Scanner for Jenkins prior 2.2 version	cpe:2.3:a:jenkins:neuvector_vulnerability_scanner::::::jenkins		< 2.2

Configuration #2

		CPE23	From	Up To
	Jenkins Jira for Jenkins prior 3.1.2 version	cpe:2.3:a:jenkins:jira::::::jenkins		< 3.1.2

Configuration #3

		CPE23	From	Up To
	Jenkins Google Compute Engine for Jenkins prior 4.551.0 version	cpe:2.3:a:jenkins:google_compute_engine::::::jenkins		< 4.551.0

Configuration #4

		CPE23	From	Up To
	Jenkins Matlab for Jenkins prior 2.11.1 version	cpe:2.3:a:jenkins:matlab::::::jenkins		< 2.11.1