Description
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/11/15/4
https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%282%29
Related Vulnerabilities
CVE-2021-43307 Vulnerability in npm package semver-regex
CVE-2021-21290 Vulnerability in maven package io.netty:netty-transport-native-unix-common-tests
CVE-2022-36099 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
CVE-2021-39234 Vulnerability in maven package org.apache.ozone:ozone-common
CVE-2021-20289 Vulnerability in maven package org.jboss.resteasy:resteasy-core