CVE-2022-38666
published 2022-11-15CVE-2022-38666: Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several…
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | associated_files_plugin | — | — |
| jenkins | bart_plugin | — | — |
| jenkins | cccc_plugin | — | — |
| jenkins | cluster_statistics_plugin | — | — |
| jenkins | config_rotator_plugin | — | — |
| jenkins | delete_log_plugin | — | — |
| jenkins | japex_plugin | — | — |
| jenkins | junit_plugin | — | — |
| jenkins | naginator_plugin | — | — |
| jenkins | ns-nd_integration_performance_publisher | <= 4.8.0.146 | — |
| jenkins | ns-nd_integration_performance_publisher_plugin | — | — |
| jenkins | pipeline_utility_steps_plugin | — | — |
| jenkins | registry_notification_plugin | — | — |
| jenkins | reverse_proxy_auth_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | sourcemonitor_plugin | — | — |
| jenkins | support_core_plugin | — | — |
| jenkins | urls_in_the_plugin | — | — |
| jenkins | violations_plugin | — | — |
| jenkins | xml_linter_plugin | — | — |
| jenkins | xp-dev_plugin | — | — |
| jenkins_project | jenkins_ns-nd_integration_performance_publisher_plugin | unspecified – 4.8.0.146 | — |
| linux | linux_kernel | >= 0 < 5.4.0-224.244 | 5.4.0-224.244 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.8HIGH