Jenkins Google Compute Engine Plugin Missing Authorization vulnerability

2022-05-2417:01:41

Google

osv.dev

0.001 Low

EPSS

Percentile

22.0%

JSON

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment. Google Compute Engine Plugin 4.2.0 requires the appropriate Job/Configure permission to view these metadata.

CPENameOperatorVersion
org.jenkins-ci.plugins:google-compute-engineeq1.0.0
org.jenkins-ci.plugins:google-compute-engineeq1.0-beta-1
org.jenkins-ci.plugins:google-compute-engineeq4.1.1
org.jenkins-ci.plugins:google-compute-engineeq1.0.1
org.jenkins-ci.plugins:google-compute-engineeq3.3.1
org.jenkins-ci.plugins:google-compute-engineeq1.0.7
org.jenkins-ci.plugins:google-compute-engineeq3.4.0
org.jenkins-ci.plugins:google-compute-engineeq4.1.0
org.jenkins-ci.plugins:google-compute-engineeq1.0.2
org.jenkins-ci.plugins:google-compute-engineeq1.0-beta-2

Name	Operator	Version
org.jenkins-ci.plugins:google-compute-engine	eq	1.0.0
org.jenkins-ci.plugins:google-compute-engine	eq	1.0-beta-1
org.jenkins-ci.plugins:google-compute-engine	eq	4.1.1
org.jenkins-ci.plugins:google-compute-engine	eq	1.0.1
org.jenkins-ci.plugins:google-compute-engine	eq	3.3.1
org.jenkins-ci.plugins:google-compute-engine	eq	1.0.7
org.jenkins-ci.plugins:google-compute-engine	eq	3.4.0
org.jenkins-ci.plugins:google-compute-engine	eq	4.1.0
org.jenkins-ci.plugins:google-compute-engine	eq	1.0.2
org.jenkins-ci.plugins:google-compute-engine	eq	1.0-beta-2