Google Compute Engine@* Security Vulnerabilities and Issues — Google Compute Engine@* CVE List

Lucene search

JenkinsGoogle Compute Engine*

5 matches found

CVE•added 2019/11/21 3:15 p.m.•61 views

CVE-2019-16548

A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents.

8.8CVSS8.5AI score0.0011EPSS

CVE•added 2019/11/21 3:15 p.m.•60 views

CVE-2019-16546

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

5.9CVSS5.6AI score0.00045EPSS

CVE•added 2023/11/29 2:15 p.m.•59 views

CVE-2023-49673

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.

8.8CVSS8.6AI score0.00074EPSS

CVE•added 2019/11/21 3:15 p.m.•56 views

CVE-2019-16547

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment.

4.3CVSS4.2AI score0.00031EPSS

CVE•added 2023/11/29 2:15 p.m.•44 views

CVE-2023-49652

Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins an...

2.7CVSS3.4AI score0.00036EPSS