A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials.
References
Link | Resource |
---|---|
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2737 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-09-21 09:15
Updated : 2022-09-22 08:10
NVD link : CVE-2022-41228
Mitre link : CVE-2022-41228
JSON object : View
CWE
CWE-862
Missing Authorization
Products Affected
jenkins
- ns-nd_integration_performance_publisher