CVE-2019-16547 – org.jenkins-ci.plugins:google-compute-engine
Package
Manager: maven
Name: org.jenkins-ci.plugins:google-compute-engine
Vulnerable Version: >=0 <4.2.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00031 (percentile: 0.07238)
Details
Jenkins Google Compute Engine Plugin Missing Authorization vulnerability

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment. Google Compute Engine Plugin 4.2.0 requires the appropriate Job/Configure permission to view these metadata.
Metadata
Created: 2022-05-24T17:01:41Z
Modified: 2022-12-06T21:58:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v98h-rv7j-hf6j/GHSA-v98h-rv7j-hf6j.json
CWE IDs: ["CWE-285", "CWE-862"]
Alternative ID: GHSA-v98h-rv7j-hf6j
Finding: F039
Auto approve: 1