CVE-2019-1003035
published 2019-03-08CVE-2019-1003035: An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | appdynamics_dashboard_plugin | — | — |
| jenkins | azure_vm_agents | <= 0.8.0 | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | azure_vm_in_azure_vm_agents_plugin | — | — |
| jenkins | bitbar_run-in-cloud_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | deploy_plugin | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | ids_in_azure_vm_agents_plugin | — | — |
| jenkins | ids_to_allow_administrators_configuring_the_plugin | — | — |
| jenkins | job_dsl_plugin | — | — |
| jenkins | matrix_project_plugin | — | — |
| jenkins | rabbit-mq_publisher_plugin | — | — |
| jenkins | rabbitmq_in_rabbit-mq_publisher_plugin | — | — |
| jenkins | repository_connector_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | this_allowed_users_able_to_control_the_plugin | — | — |
| jenkins_project | jenkins_azure_vm_agents_plugin | — | — |