Information Exposure Affecting org.jenkins-ci.plugins:google-compute-engine package, versions [,4.2.0)
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
EPSS
0.05% (21st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-535481
- published 24 Nov 2019
- disclosed 21 Nov 2019
- credit Matt Sicker, CloudBees, Inc.
Introduced: 21 Nov 2019
CVE-2019-16547 Open this link in a new tabHow to fix?
Upgrade org.jenkins-ci.plugins:google-compute-engine
to version 4.2.0 or higher.
Overview
org.jenkins-ci.plugins:google-compute-engine is a Plugin that allows you to use GCE virtual machines (VMs) with Jenkins to execute build tasks.
Affected versions of this package are vulnerable to Information Exposure. It allowed attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment.