Skip to main content

Google Compute Engine

6 CVEs product

Monthly

CVE-2023-49673 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Neuvector Vulnerability Scanner Jira Google Compute Engine +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49652 Maven LOW PATCH Monitor

Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Google Authentication Bypass Google Compute Engine
NVD
CVSS 3.1
2.7
EPSS
0.5%
CVE-2022-29052 Maven MEDIUM PATCH This Month

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins Information Disclosure Google Compute Engine
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-16548 Maven HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Jenkins CSRF Google Compute Engine
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16547 Maven MEDIUM PATCH This Month

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Google Google Compute Engine
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-16546 Maven MEDIUM PATCH This Month

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jenkins Google Google Compute Engine
NVD
CVSS 3.1
5.9
EPSS
0.9%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Neuvector Vulnerability Scanner +3
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Google Authentication Bypass +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Jenkins CSRF +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Google +1
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jenkins Google +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy