CVE-2022-41228
published 2022-09-21CVE-2022-41228: A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intel | optimization_for_tensorflow | >= 0 < 2.6.4 | 2.6.4 |
| intel | optimization_for_tensorflow | >= 2.7.0 < 2.7.2 | 2.7.2 |
| intel | optimization_for_tensorflow | >= 2.8.0 < 2.8.1 | 2.8.1 |
| jenkins | anchore_container_image_scanner_plugin | — | — |
| jenkins | apprenda_plugin | — | — |
| jenkins | bigpanda_notifier_plugin | — | — |
| jenkins | bmc_ami_common_configuration_plugin | — | — |
| jenkins | cons3rt_plugin | — | — |
| jenkins | dotci_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | lack_of_authentication_mechanism_in_dotci_plugin | — | — |
| jenkins | ns-nd_integration_performance_publisher | < 4.8.0.130 | 4.8.0.130 |
| jenkins | ns-nd_integration_performance_publisher_plugin | — | — |
| jenkins | rqm_plugin | — | — |
| jenkins | rundeck_plugin | — | — |
| jenkins | scm_httpclient_plugin | — | — |
| jenkins | security_inspector_plugin | — | — |
| jenkins | smalltest_plugin | — | — |
| jenkins | this_could_create_confusion_in_users_of_the_plugin | — | — |
| jenkins | urls_of_jenkins_servers_that_the_plugin | — | — |
| jenkins | view26_test-reporting_plugin | — | — |
| jenkins | walti_plugin | — | — |
| jenkins | wildfly_deployer_plugin | — | — |
| jenkins | worksoft_execution_manager_plugin | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ghsa7.8HIGH