CVE-2019-16546 - Authorization Bypass Through User-Controlled Key vulnerability in Jenkins Google Compute Engine

CVSS 5.9 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: network, high complexity, jenkins, CWE-639

Summary

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.