EUVD-2022-6856

Malicious code in bioql PyPI...

CVE-2022-41229

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-41227

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials...

Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking

Jenkins NS-ND Integration Performance Publisher Plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. While these credentials are stored encrypted on disk, in NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier, the job...

GHSA-GQXR-HVRW-6HFH Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking

Jenkins NS-ND Integration Performance Publisher Plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. While these credentials are stored encrypted on disk, in NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier, the job...

CVE-2023-33000

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVE-2023-33000

CVE-2023-33000 affects Jenkins NS-ND Integration Performance Publisher Plugin. Versions up to 4.8.0.149 do not mask credentials in the configuration form, enabling observers to see them. The issue, with a high confidentiality impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), is mitigated in...

Jenkins NS-ND Integration Performance Publisher Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin

NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These passwords can be viewed by attackers with Item/Extended Read permission or access to the Jenkins controller file...

GHSA-VJ5R-MMP4-3HRX SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. Currently, there are no known workarounds or patches...

CVE-2022-45392

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

CVE-2022-45392

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

CVE-2022-45391

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

CVE-2022-38666

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features...

PT-2022-27493 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.143 and earlier Description: The issue concerns the global and unconditional disabling of SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

CVE-2022-38666

CVE-2022-38666 affects Jenkins NS-ND Integration Performance Publisher Plugin, where versions 4.8.0.146 and earlier unconditionally disable SSL/TLS certificate and hostname validation for several features. Root cause: unconditional disabling of TLS validation within the plugin. Documented impact:...

CVE-2022-45392

CVE-2022-45392 concerns the Jenkins NS-ND Integration Performance Publisher Plugin (v4.8.0.143 and earlier). The vulnerability stores passwords in plaintext in job config.xml files on the Jenkins controller, allowing exposure to anyone with Extended Read permission or access to the controller fil...

Jenkins NS-ND Integration Performance Publisher Plugin 信任管理问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A trust management issue...

CVE-2022-45392

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

Jenkins Plugin NS-ND Integration Performance Publisher 信任管理问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin NS-ND...