CVE-2023-49673

Summary

CVE-2023-49673 is a cross-site request forgery (CSRF) vulnerability affecting the Jenkins NeuVector Vulnerability Scanner Plugin version 1.22 and earlier. This issue enables attackers to manipulate user sessions, resulting in unauthorized connections to attacker-specified hostnames and ports. The vulnerability is significant because it can lead to privileged access and potential data exfiltration or system compromise. To mitigate this risk, it is recommended that users upgrade to the latest version of the plugin or implement CSRF tokens to secure requests.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.