Jenkins · Jenkins NeuVector Vulnerability Scanner Plugin · CVE-2023-30517
**Name of the Vulnerable Software and Affected Versions**
Jenkins NeuVector Vulnerability Scanner Plugin versions 1.22 and earlier
**Description**
The plugin unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server. This improper SSL/TLS certificate validation may allow a remote attacker to gain unauthorized access to protected information.
**Recommendations**
If you run Jenkins NeuVector Vulnerability Scanner Plugin version 1.22 or earlier, update to a version in which SSL/TLS certificate and hostname validation is conditionally enabled rather than unconditionally disabled, to prevent unauthorized access. As a temporary workaround, consider restricting access to the plugin until a patch is available.
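The difference between unconditionally disabled validation and the conditional form recommended above, as an added example; this is not the plugin's source code. The class and method names, the `skipTlsVerify` setting and the host name are hypothetical.

```java
import java.net.URI;
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class ScannerTlsExample {

    // A trust manager that accepts every certificate chain without checking it.
    private static final TrustManager[] TRUST_ALL = { new X509TrustManager() {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    } };

    // Weak form: every connection skips certificate and hostname checks,
    // whatever the administrator configured.
    static HttpsURLConnection openUnconditional(URL url) throws Exception {
        return open(url, true);
    }

    // Conditional form: validation stays on unless the administrator has
    // explicitly opted out for this server (hypothetical skipTlsVerify setting).
    static HttpsURLConnection open(URL url, boolean skipTlsVerify) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        if (skipTlsVerify) {
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, TRUST_ALL, null);
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            conn.setHostnameVerifier((host, session) -> true);
        }
        // Otherwise the JVM's default trust store and hostname verifier apply.
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder host; openConnection() does not contact the network.
        URL url = URI.create("https://scanner.example.internal/").toURL();
        HostnameVerifier jvmDefault = HttpsURLConnection.getDefaultHostnameVerifier();
        System.out.println("unconditional form keeps default hostname verifier: "
                + (openUnconditional(url).getHostnameVerifier() == jvmDefault));
        System.out.println("conditional form keeps default hostname verifier:   "
                + (open(url, false).getHostnameVerifier() == jvmDefault));
    }
}
```

When reviewing an updated plugin configuration, the equivalent of `skipTlsVerify` should default to off, so that a scanner server with an untrusted or mismatched certificate causes the connection to fail.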