SSL/TLS Certificate Validation Vulnerability in Jenkins Performance Publisher Plugin
CVE-2022-38666
7.5 HIGH
Key Information:
- Vendor: Jenkins
- CVE Published: 15 November 2022
Summary
The NS-ND Integration Performance Publisher Plugin for Jenkins fails to validate SSL/TLS certificates and hostnames across various features. This unconditional behavior can expose users to security risks, including man-in-the-middle attacks and data interception, because communication channels that are meant to be secure may be compromised. Jenkins users should review the configuration of their Performance Publisher Plugin and implement adequate security measures to mitigate potential threats.
Affected Version(s)
Jenkins NS-ND Integration Performance Publisher Plugin <= 4.8.0.146
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved