Lucene search
+L

292 matches found

cve
cve
added 2022/11/15 12:0 a.m.280 views

CVE-2022-38666

CVE-2022-38666 affects Jenkins NS-ND Integration Performance Publisher Plugin, where versions 4.8.0.146 and earlier unconditionally disable SSL/TLS certificate and hostname validation for several features. Root cause: unconditional disabling of TLS validation within the plugin. Documented impact:...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References2Affected Software1
cve
cve
added 2022/11/15 12:0 a.m.276 views

CVE-2022-45392

CVE-2022-45392 concerns the Jenkins NS-ND Integration Performance Publisher Plugin (v4.8.0.143 and earlier). The vulnerability stores passwords in plaintext in job config.xml files on the Jenkins controller, allowing exposure to anyone with Extended Read permission or access to the controller fil...

6.5CVSS6.5AI score0.00636EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2022/11/15 12:0 a.m.5 views

PT-2022-27493 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.143 and earlier Description: The issue concerns the global and unconditional disabling of SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

7.5CVSS7.4AI score0.00396EPSS
Exploits0References8
cnnvd
cnnvd
added 2022/11/15 12:0 a.m.52 views

Jenkins NS-ND Integration Performance Publisher Plugin 信任管理问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A trust management issue...

7.5CVSS7.3AI score0.00396EPSS
Exploits0References7
cve
cve
added 2022/11/15 12:0 a.m.280 views

CVE-2022-45391

Affected product: Jenkins NS-ND Integration Performance Publisher Plugin (version 4.8.0.143 and earlier). Issue: plugin globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM, undermining TLS trust and enabling potential interceptio...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2022/11/15 12:0 a.m.4 views

PT-2022-24516 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.146 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for several features. There are no known...

7.5CVSS6.5AI score0.00396EPSS
Exploits0References8
cnnvd
cnnvd
added 2022/11/15 12:0 a.m.15 views

Jenkins Plugin NS-ND Integration Performance Publisher 信任管理问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin NS-ND...

6.5CVSS6.6AI score0.00636EPSS
Exploits0References6
cvelist
cvelist
added 2022/11/15 12:0 a.m.38 views

CVE-2022-45391

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

7.9AI score0.00396EPSS
Exploits0References2
cvelist
cvelist
added 2022/11/15 12:0 a.m.32 views

CVE-2022-45392

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

6.9AI score0.00636EPSS
Exploits0References2
openbugbounty
openbugbounty
added 2022/10/31 10:28 p.m.9 views

nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3029231

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
osv
osv
added 2022/09/22 12:0 a.m.28 views

GHSA-JJCH-7G85-4M72 Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...

4.3CVSS8.6AI score0.00462EPSS
Exploits0References3
github
github
added 2022/09/22 12:0 a.m.36 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and...

8.8CVSS8.2AI score0.00827EPSS
Exploits0References3Affected Software1
github
github
added 2022/09/22 12:0 a.m.33 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...

8.8CVSS8.2AI score0.00462EPSS
Exploits0References3Affected Software1
github
github
added 2022/09/22 12:0 a.m.31 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting

Jenkins NS-ND Integration Performance Publisher Plugin prior to version 4.8.0.147 does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.3AI score0.00469EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2022/09/21 4:15 p.m.28 views

CVE-2022-41228

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials...

8.8CVSS0.00827EPSS
Exploits0References1
nvd
nvd
added 2022/09/21 4:15 p.m.18 views

CVE-2022-41227

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials...

8.8CVSS0.00462EPSS
Exploits0References1
osv
osv
added 2022/09/21 4:15 p.m.5 views

CVE-2022-41227

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials...

8.8CVSS5.7AI score0.00462EPSS
Exploits0References1
osv
osv
added 2022/09/21 4:15 p.m.5 views

CVE-2022-41228

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials...

8.8CVSS5.8AI score0.00827EPSS
Exploits0References1
prion
prion
added 2022/09/21 4:15 p.m.13 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials...

6.8CVSS8.7AI score0.00462EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2022/09/21 3:45 p.m.7 views

CVE-2022-41229

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4AI score0.00469EPSS
Exploits0References1
Rows per page
Query Builder