What is the severity of CVE-2019-16548?

The severity of CVE-2019-16548 is high with a severity value of 8.8.

How does CVE-2019-16548 affect Jenkins Google Compute Engine Plugin?

CVE-2019-16548 affects Jenkins Google Compute Engine Plugin version 4.1.1 and earlier in ComputeEngineCloud#doProvision.

How can I fix the vulnerability CVE-2019-16548 in Jenkins Google Compute Engine Plugin?

To fix the vulnerability CVE-2019-16548, update Jenkins Google Compute Engine Plugin to version 4.2.0 or later.

Are there any references for CVE-2019-16548?

Yes, you can find references for CVE-2019-16548 at the following links: [Link 1](http://www.openwall.com/lists/oss-security/2019/11/21/1), [Link 2](https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1586).

Vulnerability/
CVE-2019-16548

high

8.8

CWE

352

21/11/2019

24/5/2022

13/12/2023

CVE-2019-16548: CSRF

Q: What is the description of CVE-2019-16548?

CVE-2019-16548 is a cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin that allows the provisioning of new agents.

First published: Thu Nov 21 2019(Updated: )

A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. Google Compute Engine Plugin 4.2.0 requires POST requests for this API endpoint.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
maven/org.jenkins-ci.plugins:google-compute-engine	<=4.1.1	4.2.0
Jenkins Google Compute Engine	<4.2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-16548?
The severity of CVE-2019-16548 is high with a severity value of 8.8.
What is the description of CVE-2019-16548?
CVE-2019-16548 is a cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin that allows the provisioning of new agents.
How does CVE-2019-16548 affect Jenkins Google Compute Engine Plugin?
CVE-2019-16548 affects Jenkins Google Compute Engine Plugin version 4.1.1 and earlier in ComputeEngineCloud#doProvision.
How can I fix the vulnerability CVE-2019-16548 in Jenkins Google Compute Engine Plugin?
To fix the vulnerability CVE-2019-16548, update Jenkins Google Compute Engine Plugin to version 4.2.0 or later.
Are there any references for CVE-2019-16548?
Yes, you can find references for CVE-2019-16548 at the following links: [Link 1](http://www.openwall.com/lists/oss-security/2019/11/21/1), [Link 2](https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1586).

collector/nvd-index
collector/nvd-api
collector/github-advisory-latest
alias/GHSA-x24m-wr2f-p3vc
alias/CVE-2019-16548
collector/nvd-cve
collector/github-advisory
agent/severity
agent/author
agent/first-publish-date
vendor/jenkins
canonical/jenkins google compute engine
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.