[MAVEN:GHSA-345P-PW5Q-G98V] Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
- Severity: Moderate
- Affected Packages: 1
- Fixed Packages: 1
- CVEs: 1
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Google Compute Engine Plugin 4.2.0 verifies SSH host keys before executing any commands on agents.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/google-compute-engine | <= 4.1.1 |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/google-compute-engine | = 4.2.0 |
- ID: MAVEN:GHSA-345P-PW5Q-G98V
- Severity: moderate
- URL: https://github.com/advisories/GHSA-345p-pw5q-g98v
- Published: 2022-05-24T17:01:41
- Modified: 2023-01-31T05:02:47
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/google-compute-engine | org.jenkins-ci.plugins | google-compute-engine | <= 4.1.1 | | | |
Fixed | pkg:maven/org.jenkins-ci.plugins/google-compute-engine | org.jenkins-ci.plugins | google-compute-engine | = 4.2.0 | | | |