GHSA-vhxq-9mpv-gj87
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vhxq-9mpv-gj87
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-vhxq-9mpv-gj87/GHSA-vhxq-9mpv-gj87.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-vhxq-9mpv-gj87
- Aliases
- Published
- 2022-04-13T00:00:15Z
- Modified
- 2023-11-01T04:58:39.806869Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Private key stored in plain text by Jenkins Google Compute Engine Plugin
- Details
-
Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent
config.xmlfiles on the Jenkins controller where they can be viewed by users with Agent/Extended Read permission, or access to the Jenkins controller file system. - Database specific
{ "nvd_published_at": "2022-04-12T20:15:00Z", "github_reviewed_at": "2022-12-01T23:42:49Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-522" ] }- References
Affected packages
Maven / org.jenkins-ci.plugins:google-compute-engine
Package
- Name
- org.jenkins-ci.plugins:google-compute-engine
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/google-compute-engine