CVE-2022-45391 — Improper Certificate Validation in Jenkins Ns-nd Integration Performance Publisher

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 78.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Ns-nd Integration Performance Publisher Jenkins Project Jenkins Ns-nd Integration Performance Publisher Plugin

Timeline

PublishedNov 15

Latest updateNov 16

Description

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_ns-nd_integration_performance_publisher_pluginunspecified — 4.8.0.143

▶NVDjenkins/ns-nd_integration_performance_publisher< 4.8.0.146

🔴Vulnerability Details

GHSA

Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally↗2022-11-16

▶

OSV

Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally↗2022-11-16

▶

CVEList

CVE-2022-45391: Jenkins NS-ND Integration Performance Publisher Plugin 4↗2022-11-15

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-11-15↗2022-11-15

▶