cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-33000,https://securityvulnerability.io/vulnerability/CVE-2023-33000,Unmasked Credentials in Jenkins Performance Publisher Plugin by Jenkins,The NS-ND Integration Performance Publisher Plugin for Jenkins fails to mask sensitive credentials displayed on its configuration form. This lack of masking raises the risk of unauthorized access as attackers might observe and capture these credentials during their interaction with the interface. Organizations using this plugin should take immediate action to mitigate the risk and safeguard their credentials to prevent potential breaches.,Jenkins,Jenkins Ns-nd Integration Performance Publisher Plugin,7.5,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-05-16T17:15:00.000Z,0
CVE-2022-38666,https://securityvulnerability.io/vulnerability/CVE-2022-38666,SSL/TLS Certificate Validation Vulnerability in Jenkins Performance Publisher Plugin,"The NS-ND Integration Performance Publisher Plugin for Jenkins fails to validate SSL/TLS certificates and hostnames across various features. This unconditioned behavior can expose users to security risks, including man-in-the-middle attacks and data interception, as secure communication channels may be compromised. It is crucial for Jenkins users to review the configurations of their Performance Publisher Plugin and implement adequate security measures to mitigate potential threats.",Jenkins,Jenkins Ns-nd Integration Performance Publisher Plugin,7.5,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-45391,https://securityvulnerability.io/vulnerability/CVE-2022-45391,Jenkins NS-ND Integration Performance Publisher Plugin Vulnerability - Jenkins,"The Jenkins NS-ND Integration Performance Publisher Plugin prior to version 4.8.0.144 disables SSL/TLS certificate and hostname validation across the Jenkins controller JVM. This lack of validation can expose systems to potential man-in-the-middle attacks, as the plugin can accept unverified or malicious certificate connections. Without proper certificate validation, sensitive data may be intercepted or compromised, posing significant security risks for users relying on this integration.",Jenkins,Jenkins Ns-nd Integration Performance Publisher Plugin,7.5,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-45392,https://securityvulnerability.io/vulnerability/CVE-2022-45392,Unencrypted Password Storage in Jenkins Performance Publisher Plugin,The NS-ND Integration Performance Publisher Plugin for Jenkins allows for unencrypted storage of passwords within job config.xml files on the Jenkins controller. This oversight makes sensitive credentials potentially visible to attackers who possess Extended Read permission or access to the underlying file system. This vulnerability underscores the importance of secure credential management in CI/CD pipelines.,Jenkins,Jenkins NS-ND Integration Performance Publisher Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-41229,https://securityvulnerability.io/vulnerability/CVE-2022-41229,Stored Cross-Site Scripting Vulnerability in Jenkins Performance Publisher Plugin,"The NS-ND Integration Performance Publisher Plugin for Jenkins, up to version 4.8.0.134, is susceptible to stored cross-site scripting due to improper handling of configuration options in the Execute NetStorm/NetCloud Test build step. This flaw allows attackers with Item/Configure permissions to inject malicious scripts that could be executed in the context of other users. As a result, sensitive information could be compromised, and mechanisms in place to safeguard user sessions may be circumvented.",Jenkins,Jenkins Ns-nd Integration Performance Publisher Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-09-21T15:45:50.000Z,0
CVE-2022-41228,https://securityvulnerability.io/vulnerability/CVE-2022-41228,Permission Check Flaw in Jenkins NS-ND Integration Performance Publisher Plugin,"The Jenkins NS-ND Integration Performance Publisher Plugin suffers from a missing permission check, which allows users with Overall/Read permissions to connect to an arbitrary web server using provided attacker-defined credentials. This oversight can lead to unauthorized access, potentially compromising sensitive data and operations within Jenkins installations.",Jenkins,Jenkins Ns-nd Integration Performance Publisher Plugin,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-09-21T15:45:49.000Z,0
CVE-2022-41227,https://securityvulnerability.io/vulnerability/CVE-2022-41227,Cross-Site Request Forgery in Jenkins NS-ND Integration Performance Publisher Plugin,"A cross-site request forgery (CSRF) vulnerability in the Jenkins NS-ND Integration Performance Publisher Plugin enables attackers to craft malicious requests that can connect to a webserver of their choice, utilizing attacker-specified credentials. This exploit can lead to unauthorized actions being performed within the Jenkins environment, posing a serious risk to application integrity and data security.",Jenkins,Jenkins Ns-nd Integration Performance Publisher Plugin,8.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2022-09-21T15:45:48.000Z,0
CVE-2022-34191,https://securityvulnerability.io/vulnerability/CVE-2022-34191,Stored Cross-Site Scripting Vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin,"The NS-ND Integration Performance Publisher Plugin for Jenkins prior to version 4.8.0.77 contains a vulnerability where it fails to properly escape the names of NetStorm Test parameters. This oversight allows attackers with Item/Configure permissions to potentially exploit the application by injecting malicious scripts that can be executed in the context of the user's session, leading to unauthorized data access and other harmful actions.",Jenkins,Jenkins Ns-nd Integration Performance Publisher Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0