CVE-2023-32988
published 2023-05-16CVE-2023-32988: A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | ansible_plugin | — | — |
| jenkins | appspider_plugin | — | — |
| jenkins | azure_vm_agents | <= 852.v8d35f0960a_43 | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | cas_plugin | — | — |
| jenkins | code_dx_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | file_parameter_plugin | — | — |
| jenkins | hashicorp_vault_plugin | — | — |
| jenkins | ids_in_azure_vm_agents_plugin | — | — |
| jenkins | improper_masking_of_credentials_in_hashicorp_vault_plugin | — | — |
| jenkins | job_plugin | — | — |
| jenkins | ldap_plugin | — | — |
| jenkins | loadcomplete_support_plugin | — | — |
| jenkins | ns-nd_integration_performance_publisher_plugin | — | — |
| jenkins | pipeline_utility_steps_plugin | — | — |
| jenkins | reverse_proxy_auth_plugin | — | — |
| jenkins | sidebar_link_plugin | — | — |
| jenkins | tag_profiler_plugin | — | — |
| jenkins | testcomplete_support_plugin | — | — |
| jenkins | testng_report_files_and_displayed_on_the_plugin | — | — |
| jenkins | testng_results_plugin | — | — |
| jenkins_project | jenkins_azure_vm_agents_plugin | <= 852.v8d35f0960a_43 | — |