pkg:maven/org.jenkins-ci.plugins/google-compute-engine
Type
maven
Namespace
org.jenkins-ci.plugins
Name
google-compute-engine
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/google-compute-engine package.
Moderate
5
Medium
5
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 4.1.1 |
CVE-2019-16546
|
JENKINS:SECURITY-1584 | `google-compute-engine` did not verify SSH host keys | medium |
2019-11-21T00:00:00
(4 years ago) |
|
Fixed | = 4.2.0 |
CVE-2019-16546
|
JENKINS:SECURITY-1584 | `google-compute-engine` did not verify SSH host keys | medium |
2019-11-21T00:00:00
(4 years ago) |
|
Affected | <= 4.1.1 |
CVE-2019-16547
|
JENKINS:SECURITY-1585 | `google-compute-engine` disclosed environment information to users with Overall/Read permission | medium |
2019-11-21T00:00:00
(4 years ago) |
|
Fixed | = 4.2.0 |
CVE-2019-16547
|
JENKINS:SECURITY-1585 | `google-compute-engine` disclosed environment information to users with Overall/Read permission | medium |
2019-11-21T00:00:00
(4 years ago) |
|
Affected | <= 4.1.1 |
CVE-2019-16548
|
JENKINS:SECURITY-1586 | CSRF vulnerability in `google-compute-engine` allowed provisioning agents | medium |
2019-11-21T00:00:00
(4 years ago) |
|
Fixed | = 4.2.0 |
CVE-2019-16548
|
JENKINS:SECURITY-1586 | CSRF vulnerability in `google-compute-engine` allowed provisioning agents | medium |
2019-11-21T00:00:00
(4 years ago) |
|
Affected | <= 4.3.8 |
CVE-2022-29052
|
JENKINS:SECURITY-2045 | Private key stored in plain text by `google-compute-engine` | medium |
2022-04-12T00:00:00
(2 years ago) |
|
Fixed | = 4.3.9 |
CVE-2022-29052
|
JENKINS:SECURITY-2045 | Private key stored in plain text by `google-compute-engine` | medium |
2022-04-12T00:00:00
(2 years ago) |
|
Affected | <= 4.550.vb_327fca_3db_11 |
CVE-2023-49652
|
JENKINS:SECURITY-2835 | Incorrect permission checks in `google-compute-engine` | medium |
2023-11-29T00:00:00
(9 months ago) |
|
Fixed | = 4.551.v5a_4dc98f6962 |
CVE-2023-49652
|
JENKINS:SECURITY-2835 | Incorrect permission checks in `google-compute-engine` | medium |
2023-11-29T00:00:00
(9 months ago) |
|
Affected | <= 4.1.1 |
CVE-2019-16546
|
MAVEN:GHSA-345P-PW5Q-G98V | Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin | moderate |
2022-05-24T17:01:41
(2 years ago) |
|
Fixed | = 4.2.0 |
CVE-2019-16546
|
MAVEN:GHSA-345P-PW5Q-G98V | Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin | moderate |
2022-05-24T17:01:41
(2 years ago) |
|
Affected | >= 4.5, < 4.551.v5a < 4.3.17.1 |
CVE-2023-49652
|
MAVEN:GHSA-PGPJ-83G3-MFR2 | Jenkins Google Compute Engine Plugin has incorrect permission checks | moderate |
2023-11-29T15:30:21
(9 months ago) |
|
Fixed | = 4.551.v5a = 4.3.17.1 |
CVE-2023-49652
|
MAVEN:GHSA-PGPJ-83G3-MFR2 | Jenkins Google Compute Engine Plugin has incorrect permission checks | moderate |
2023-11-29T15:30:21
(9 months ago) |
|
Affected | <= 4.1.1 |
CVE-2019-16547
|
MAVEN:GHSA-V98H-RV7J-HF6J | Jenkins Google Compute Engine Plugin Missing Authorization vulnerability | moderate |
2022-05-24T17:01:41
(2 years ago) |
|
Fixed | = 4.2.0 |
CVE-2019-16547
|
MAVEN:GHSA-V98H-RV7J-HF6J | Jenkins Google Compute Engine Plugin Missing Authorization vulnerability | moderate |
2022-05-24T17:01:41
(2 years ago) |
|
Affected | < 4.3.9 |
CVE-2022-29052
|
MAVEN:GHSA-VHXQ-9MPV-GJ87 | Private key stored in plain text by Jenkins Google Compute Engine Plugin | moderate |
2022-04-13T00:00:15
(2 years ago) |
|
Fixed | = 4.3.9 |
CVE-2022-29052
|
MAVEN:GHSA-VHXQ-9MPV-GJ87 | Private key stored in plain text by Jenkins Google Compute Engine Plugin | moderate |
2022-04-13T00:00:15
(2 years ago) |
|
Affected | <= 4.1.1 |
CVE-2019-16548
|
MAVEN:GHSA-X24M-WR2F-P3VC | Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability | moderate |
2022-05-24T17:01:41
(2 years ago) |
|
Fixed | = 4.2.0 |
CVE-2019-16548
|
MAVEN:GHSA-X24M-WR2F-P3VC | Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability | moderate |
2022-05-24T17:01:41
(2 years ago) |