A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer permission for the affected form validation method.

Affected Packages

Maven io.jenkins.plugins:cavisson-ns-nd-integration

Affected versions: 0 (fixed in 4.8.0.130)

Related CVEs

CVE-2022-41228

Key Information

GHSA ID

GHSA-j2mj-g8jp-gjfm

Published

September 22, 2022 12:00 AM

Last Modified

December 5, 2022 10:26 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

io.jenkins.plugins:cavisson-ns-nd-integration

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.