PT-2022-27493 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin

Daniel Beck · Published 2022-11-15 · Updated 2023-11-01 · CVE-2022-45391

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.143 and earlier

Description

The plugin globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. The controller therefore does not verify the identity of the servers it connects to, which potentially allows man-in-the-middle attacks.

Recommendations

For versions 4.8.0.143 and earlier, update to version 4.8.0.146 or later, which no longer disables SSL/TLS certificate and hostname validation globally.
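
As an added illustration (not code from the plugin or the advisory), the Java sketch below shows why a JVM-wide validation setting reaches every HTTPS client in the process, and gives a small probe for it. It assumes the standard `HttpsURLConnection` static default as the global mechanism, which the page does not specify; `ACCEPT_ALL`, `probe.invalid` and the class name are constructed for the example.

```java
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import java.net.URL;

public class TlsDefaultsAudit {
    // Constructed stand-in for the weak setting (assumption, not the plugin's code).
    static final HostnameVerifier ACCEPT_ALL = (host, session) -> true;

    /**
     * Probe the JVM-wide default verifier with a name no certificate can match.
     * The stock JDK default rejects every name it is asked about, so "true"
     * means some code in this JVM replaced it with an accept-all verifier.
     */
    static boolean defaultVerifierAcceptsAnything() {
        try {
            return HttpsURLConnection.getDefaultHostnameVerifier()
                    .verify("probe.invalid", null);
        } catch (RuntimeException e) {
            // The verifier inspected the (null) session, so it is not accept-all.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        HostnameVerifier original = HttpsURLConnection.getDefaultHostnameVerifier();
        System.out.println("stock JVM:        " + defaultVerifierAcceptsAnything());

        // Global: a static setter. Every HttpsURLConnection created afterwards,
        // by any plugin or by core, inherits the weakened default.
        HttpsURLConnection.setDefaultHostnameVerifier(ACCEPT_ALL);
        System.out.println("after global set: " + defaultVerifierAcceptsAnything());
        HttpsURLConnection.setDefaultHostnameVerifier(original); // restore

        // Scoped: an instance setter. Still weak for this one connection object,
        // but the JVM-wide default used by everything else is untouched.
        // openConnection() does not touch the network.
        HttpsURLConnection one = (HttpsURLConnection)
                new URL("https://probe.invalid/").openConnection();
        one.setHostnameVerifier(ACCEPT_ALL);
        System.out.println("after scoped set: " + defaultVerifierAcceptsAnything());
    }
}
```

The probe covers only the hostname-verifier default; a replaced default `SSLSocketFactory` or `SSLContext` needs a separate check.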

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2022-45391
GHSA-3VWM-FC87-MQ6H

Affected Products

Jenkins
Jenkins Ns-Nd Integration Performance Publisher Plugin