Описание
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Google Compute Engine Plugin 4.2.0 verifies SSH host keys before executing any commands on agents.
Пакеты
Наименование
org.jenkins-ci.plugins:google-compute-engine
maven
Затронутые версииВерсия исправления
<= 4.1.1
4.2.0
Связанные уязвимости
CVSS3: 5.9
nvd
около 6 лет назад
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.