1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-1585

[JENKINS:SECURITY-1585] `google-compute-engine` disclosed environment information to users with Overall/Read permission

Severity Medium
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

google-compute-engine did not verify permissions on multiple auto-complete API endpoints.
This allowed users with Overall/Read permissions to view various metadata about the running cloud environment.

google-compute-engine now requires the appropriate Job/Configure permission to view these metadata.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/google-compute-engine <= 4.1.1
pkg:github/jenkinsci/google-compute-engine-plugin <= 4.1.1
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/google-compute-engine = 4.2.0
pkg:github/jenkinsci/google-compute-engine-plugin = 4.2.0
ID
JENKINS:SECURITY-1585
Severity
medium
Published
2019-11-21T00:00:00
(4 years ago)
Modified
2019-11-21T00:00:00
(4 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository google-compute-engine repository https://github.com/jenkinsci/google-compute-engine-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/google-compute-engine org.jenkins-ci.plugins google-compute-engine <= 4.1.1
Fixed pkg:maven/org.jenkins-ci.plugins/google-compute-engine org.jenkins-ci.plugins google-compute-engine = 4.2.0
Affected pkg:github/jenkinsci/google-compute-engine-plugin jenkinsci google-compute-engine-plugin <= 4.1.1
Fixed pkg:github/jenkinsci/google-compute-engine-plugin jenkinsci google-compute-engine-plugin = 4.2.0
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date