CVE-2019-1003037
published 2019-03-08CVE-2019-1003037: An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | appdynamics_dashboard_plugin | — | — |
| jenkins | azure_vm_agents | <= 0.8.0 | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | azure_vm_in_azure_vm_agents_plugin | — | — |
| jenkins | bitbar_run-in-cloud_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | deploy_plugin | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | ids_in_azure_vm_agents_plugin | — | — |
| jenkins | ids_to_allow_administrators_configuring_the_plugin | — | — |
| jenkins | job_dsl_plugin | — | — |
| jenkins | matrix_project_plugin | — | — |
| jenkins | rabbit-mq_publisher_plugin | — | — |
| jenkins | rabbitmq_in_rabbit-mq_publisher_plugin | — | — |
| jenkins | repository_connector_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | this_allowed_users_able_to_control_the_plugin | — | — |
| jenkins_project | jenkins_azure_vm_agents_plugin | — | — |