Vulnerabilities > Jenkins > NS ND Integration Performance Publisher > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-16 | CVE-2023-33000 | Insufficiently Protected Credentials vulnerability in Jenkins Ns-Nd Integration Performance Publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them. | 7.5 |
| 2022-11-15 | CVE-2022-38666 | Improper Certificate Validation vulnerability in Jenkins Ns-Nd Integration Performance Publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. | 7.5 |
| 2022-11-15 | CVE-2022-45391 | Improper Certificate Validation vulnerability in Jenkins Ns-Nd Integration Performance Publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. | 7.5 |
| 2022-09-21 | CVE-2022-41227 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Ns-Nd Integration Performance Publisher 4.8.0.129/4.8.0.77 A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. | 8.8 |
| 2022-09-21 | CVE-2022-41228 | Missing Authorization vulnerability in Jenkins Ns-Nd Integration Performance Publisher 4.8.0.129/4.8.0.77 A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. | 8.8 |