CVE-2022-38666 — Improper Certificate Validation in Project Jenkins Ns-nd Integration Performance Publisher Plugin

CWE-295 — Improper Certificate Validation10 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 81.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Ns-nd Integration Performance Publisher Plugin Jenkins Ns-nd Integration Performance Publisher

Timeline

PublishedNov 15

Latest updateJan 12

Description

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_ns-nd_integration_performance_publisher_pluginunspecified — 4.8.0.146

▶NVDjenkins/ns-nd_integration_performance_publisher4.8.0.146

🔴Vulnerability Details

OSV

linux-iot vulnerabilities↗2026-01-12

▶

OSV

linux-raspi, linux-raspi-5.4 vulnerabilities↗2026-01-06

▶

OSV

linux-oracle-5.4 vulnerabilities↗2025-12-19

▶

OSV

linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities↗2025-12-11

▶

OSV

linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp vulnerabilities↗2025-12-10

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-11-15↗2022-11-15

▶