A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer permission for the affected form validation method.
{ "nvd_published_at": "2022-09-21T16:15:00Z", "github_reviewed_at": "2022-09-23T13:44:21Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-352" ] }