CVE-2019-16547

CWE-862Missing AuthorizationCWE-2855 documents5 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 91.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Google Compute EngineJenkins Project Jenkins Google Compute Engine Plugin
Timeline
PublishedNov 21
Latest updateMay 24

Description

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

🔴Vulnerability Details

3
OSV
Jenkins Google Compute Engine Plugin Missing Authorization vulnerability2022-05-24
GHSA
Jenkins Google Compute Engine Plugin Missing Authorization vulnerability2022-05-24
CVEList
CVE-2019-16547: Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 42019-11-21

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-11-212019-11-21