2 matches found
CVE-2019-16546
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...
CVE-2019-16546
CVE-2019-16546 affects Jenkins Google Compute Engine Plugin 4.1.1 and earlier. The root cause is that the plugin does not verify SSH host keys when connecting agents, which enables a man-in-the-middle (MITM) scenario. Public-facing references in the connected documents confirm this behavior and d...