Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization
Moderate severity
GitHub Reviewed
Published
Sep 22, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Package
Affected versions
<= 4.8.0.129
Patched versions
4.8.0.130
Description
Published by the National Vulnerability Database
Sep 21, 2022
Published to the GitHub Advisory Database
Sep 22, 2022
Reviewed
Sep 23, 2022
Last updated
Jan 31, 2023
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer permission for the affected form validation method.
References