Lucene search
JenkinsCVELIST:CVE-2023-49652HistoryNov 29, 2023 - 1:45 p.m.
CVE-2023-49652
2023-11-2913:45:09
jenkins
www.cve.org
jenkins
google compute engine
permission checks
security vulnerability
backport
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1.
CNA Affected
[
{
"vendor": "Jenkins Project",
"product": "Jenkins Google Compute Engine Plugin",
"versions": [
{
"version": "4.551.v5a_4dc98f6962",
"versionType": "maven",
"lessThan": "*",
"status": "unaffected"
},
{
"version": "4.3.17.1",
"versionType": "maven",
"lessThan": "4.3.17.*",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
]Related
osv
osv
Jenkins Google Compute Engine Plugin has incorrect permission checks
2023-11-29 15:30:21
CVE-2023-49652
2023-11-29 14:15:07
nvd
nvd
CVE-2023-49652
2023-11-29 14:15:07
prion
prion
Design/Logic Flaw
2023-11-29 14:15:00
alpinelinux
alpinelinux
CVE-2023-49652
2023-11-29 14:15:07
cve
cve
CVE-2023-49652
2023-11-29 14:15:07
github
github
Jenkins Google Compute Engine Plugin has incorrect permission checks
2023-11-29 15:30:21
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-11-29)
2023-11-29 00:00:00