CVE-2019-16546

Summary

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Google Compute Engine Plugin4.1.1 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References