Lucene search
PRIOn knowledge basePRION:CVE-2023-49652HistoryNov 29, 2023 - 2:15 p.m.
Design/Logic Flaw
2023-11-2914:15:00
PRIOn knowledge base
www.prio-n.com
3
permission checks
jenkins
google cloud platform
credentials
security flaw
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1.
| CPE | Name | Operator | Version |
|---|---|---|---|
| google_compute_engine | lt | 4.3.17.1 |
Related
cvelist
cvelist
CVE-2023-49652
2023-11-29 13:45:09
osv
osv
Jenkins Google Compute Engine Plugin has incorrect permission checks
2023-11-29 15:30:21
CVE-2023-49652
2023-11-29 14:15:07
nvd
nvd
CVE-2023-49652
2023-11-29 14:15:07
cve
cve
CVE-2023-49652
2023-11-29 14:15:07
github
github
Jenkins Google Compute Engine Plugin has incorrect permission checks
2023-11-29 15:30:21
alpinelinux
alpinelinux
CVE-2023-49652
2023-11-29 14:15:07
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-11-29)
2023-11-29 00:00:00