CVE-2022-45391
published 2022-11-15CVE-2022-45391: Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation…
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | associated_files_plugin | — | — |
| jenkins | bart_plugin | — | — |
| jenkins | cccc_plugin | — | — |
| jenkins | cluster_statistics_plugin | — | — |
| jenkins | config_rotator_plugin | — | — |
| jenkins | delete_log_plugin | — | — |
| jenkins | japex_plugin | — | — |
| jenkins | junit_plugin | — | — |
| jenkins | naginator_plugin | — | — |
| jenkins | ns-nd_integration_performance_publisher | < 4.8.0.146 | 4.8.0.146 |
| jenkins | ns-nd_integration_performance_publisher_plugin | — | — |
| jenkins | pipeline_utility_steps_plugin | — | — |
| jenkins | registry_notification_plugin | — | — |
| jenkins | reverse_proxy_auth_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | sourcemonitor_plugin | — | — |
| jenkins | support_core_plugin | — | — |
| jenkins | urls_in_the_plugin | — | — |
| jenkins | violations_plugin | — | — |
| jenkins | xml_linter_plugin | — | — |
| jenkins | xp-dev_plugin | — | — |
| jenkins_project | jenkins_ns-nd_integration_performance_publisher_plugin | unspecified – 4.8.0.143 | — |