4.8.0.77

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

jenkins

CWE-862

NVD

Published: 2022-09-21

Updated: 2023-11-01

Summary

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins NS ND Integration Performance Publisher - Jenkins NS ND Integration Performance Publisher 4.8.0.77 Jenkins NS ND Integration Performance Publisher 4.8.0.129	3

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2737