pkg:maven/org.jenkins-ci.plugins/google-compute-engine

Type maven

Namespace org.jenkins-ci.plugins

Name google-compute-engine

Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/google-compute-engine package.

Repository: https://mvnrepository.com/artifact/org.jenkins-ci.plugins/google-compute-engine

Moderate 5

Medium 5

Type	Version	# CVEs	# Advisory ID	Title	Severity	Published
Affected	<= 4.1.1	CVE-2019-16546	JENKINS:SECURITY-1584	`google-compute-engine` did not verify SSH host keys	medium	2019-11-21T00:00:00 (4 years ago)
Fixed	= 4.2.0	CVE-2019-16546	JENKINS:SECURITY-1584	`google-compute-engine` did not verify SSH host keys	medium	2019-11-21T00:00:00 (4 years ago)
Affected	<= 4.1.1	CVE-2019-16547	JENKINS:SECURITY-1585	`google-compute-engine` disclosed environment information to users with Overall/Read permission	medium	2019-11-21T00:00:00 (4 years ago)
Fixed	= 4.2.0	CVE-2019-16547	JENKINS:SECURITY-1585	`google-compute-engine` disclosed environment information to users with Overall/Read permission	medium	2019-11-21T00:00:00 (4 years ago)
Affected	<= 4.1.1	CVE-2019-16548	JENKINS:SECURITY-1586	CSRF vulnerability in `google-compute-engine` allowed provisioning agents	medium	2019-11-21T00:00:00 (4 years ago)
Fixed	= 4.2.0	CVE-2019-16548	JENKINS:SECURITY-1586	CSRF vulnerability in `google-compute-engine` allowed provisioning agents	medium	2019-11-21T00:00:00 (4 years ago)
Affected	<= 4.3.8	CVE-2022-29052	JENKINS:SECURITY-2045	Private key stored in plain text by `google-compute-engine`	medium	2022-04-12T00:00:00 (2 years ago)
Fixed	= 4.3.9	CVE-2022-29052	JENKINS:SECURITY-2045	Private key stored in plain text by `google-compute-engine`	medium	2022-04-12T00:00:00 (2 years ago)
Affected	<= 4.550.vb_327fca_3db_11	CVE-2023-49652	JENKINS:SECURITY-2835	Incorrect permission checks in `google-compute-engine`	medium	2023-11-29T00:00:00 (9 months ago)
Fixed	= 4.551.v5a_4dc98f6962	CVE-2023-49652	JENKINS:SECURITY-2835	Incorrect permission checks in `google-compute-engine`	medium	2023-11-29T00:00:00 (9 months ago)
Affected	<= 4.1.1	CVE-2019-16546	MAVEN:GHSA-345P-PW5Q-G98V	Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin	moderate	2022-05-24T17:01:41 (2 years ago)
Fixed	= 4.2.0	CVE-2019-16546	MAVEN:GHSA-345P-PW5Q-G98V	Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin	moderate	2022-05-24T17:01:41 (2 years ago)
Affected	>= 4.5, < 4.551.v5a < 4.3.17.1	CVE-2023-49652	MAVEN:GHSA-PGPJ-83G3-MFR2	Jenkins Google Compute Engine Plugin has incorrect permission checks	moderate	2023-11-29T15:30:21 (9 months ago)
Fixed	= 4.551.v5a = 4.3.17.1	CVE-2023-49652	MAVEN:GHSA-PGPJ-83G3-MFR2	Jenkins Google Compute Engine Plugin has incorrect permission checks	moderate	2023-11-29T15:30:21 (9 months ago)
Affected	<= 4.1.1	CVE-2019-16547	MAVEN:GHSA-V98H-RV7J-HF6J	Jenkins Google Compute Engine Plugin Missing Authorization vulnerability	moderate	2022-05-24T17:01:41 (2 years ago)
Fixed	= 4.2.0	CVE-2019-16547	MAVEN:GHSA-V98H-RV7J-HF6J	Jenkins Google Compute Engine Plugin Missing Authorization vulnerability	moderate	2022-05-24T17:01:41 (2 years ago)
Affected	< 4.3.9	CVE-2022-29052	MAVEN:GHSA-VHXQ-9MPV-GJ87	Private key stored in plain text by Jenkins Google Compute Engine Plugin	moderate	2022-04-13T00:00:15 (2 years ago)
Fixed	= 4.3.9	CVE-2022-29052	MAVEN:GHSA-VHXQ-9MPV-GJ87	Private key stored in plain text by Jenkins Google Compute Engine Plugin	moderate	2022-04-13T00:00:15 (2 years ago)
Affected	<= 4.1.1	CVE-2019-16548	MAVEN:GHSA-X24M-WR2F-P3VC	Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability	moderate	2022-05-24T17:01:41 (2 years ago)
Fixed	= 4.2.0	CVE-2019-16548	MAVEN:GHSA-X24M-WR2F-P3VC	Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability	moderate	2022-05-24T17:01:41 (2 years ago)