14 matches found
CVE-2023-49652
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...
EUVD-2022-5682
Malicious code in bioql PyPI...
Jenkins Google Compute Engine Plugin has incorrect permission checks
Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier does not correctly perform permission checks in multiple HTTP endpoints. This allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to do the following: - Enumerate...
CVE-2023-49652
The CVE-2023-49652 entry concerns Jenkins Google Compute Engine Plugin (versions up to 4.550.vb_327fca_3db_11 and earlier). The underlying issue is incorrect permission checks that enable attackers with global Item/Configure permission (but without Item/Configure on any specific job) to enumerate...
CVE-2023-49652
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...
Jenkins Google Compute Engine Plugin has an unspecified vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.A security vulnerability exists in the Jenkins Google Compute Engine Plugin, which stems from storing unencrypted private...
CVE-2022-29052
CVE-2022-29052 affects Jenkins Google Compute Engine Plugin 4.3.8 and earlier, which stores private keys unencrypted in cloud agent config.xml on the Jenkins controller, enabling viewing by users with Extended Read permission or filesystem access. This exposes sensitive keys; no exploit details a...
CVE-2019-16548
A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineClouddoProvision could be used to provision new agents...
CVE-2019-16546
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...
CVE-2019-16548
A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineClouddoProvision could be used to provision new agents...
CVE-2019-16548
CVE-2019-16548 concerns the Jenkins Google Compute Engine Plugin (up to v4.1.1). The vulnerability is a CSRF flaw in ComputeEngineCloud#doProvision that could be abused to provision new agents without proper authorization. Impact is exposure of administrative actions (agent provisioning) via CSRF...
CVE-2019-16548
A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineClouddoProvision could be used to provision new agents...
CVE-2019-16548
A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineClouddoProvision could be used to provision new agents...
CVE-2019-16547
CVE-2019-16547 affects the Jenkins Google Compute Engine Plugin (versions up to 4.1.1). The issue is missing permission checks on several API endpoints, allowing users with Overall/Read to obtain limited information about the plugin configuration and environment. In practice, the impact is inform...