GHSA-3vwm-fc87-mq6h

Source

https://github.com/advisories/GHSA-3vwm-fc87-mq6h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-3vwm-fc87-mq6h/GHSA-3vwm-fc87-mq6h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3vwm-fc87-mq6h

Aliases

CVE-2022-45391

Published

2022-11-16T12:00:23Z

Modified

2024-02-16T08:16:19.476259Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally

Details

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.

NS-ND Integration Performance Publisher Plugin 4.8.0.146 no longer disables SSL/TLS certificate and hostname validation globally.

Database specific

{
    "nvd_published_at": "2022-11-15T20:15:00Z",
    "cwe_ids": [
        "CWE-295"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-21T22:23:33Z"
}

References

Affected packages

Maven / io.jenkins.plugins:cavisson-ns-nd-integration

Package

Name: io.jenkins.plugins:cavisson-ns-nd-integration; View open source insights on deps.dev
Purl: pkg:maven/io.jenkins.plugins/cavisson-ns-nd-integration

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.8.0.146

Affected versions

4.*

4.6.0.23

4.6.0.24

4.6.1.40

4.6.1.65

4.6.1.65.1

4.6.1.65.2

4.6.1.66

4.6.1.68

4.6.1.69

4.6.1.70

4.6.1.76

4.6.1.78

4.6.1.79

4.6.1.80

4.6.1.82

4.6.1.83

4.6.1.85

4.6.1.93

4.8.0.77

4.8.0.129

4.8.0.130

4.8.0.134

4.8.0.142

4.8.0.143