CVE-2022-29052

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Google Compute Engine Plugin
Vendor: CVE Published:; 12 April 2022

Summary

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Affected Version(s)

Jenkins Google Compute Engine Plugin <= 4.3.8

References

https://www.jenkins.io/security/advisory/2022-04-12/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2022
Vulnerability Reserved
Apr 11, 2022