Jenkins Azure Credentials vulnerabilities
3 known vulnerabilities affecting jenkins/azure_credentials.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-25767HIGHCVSS 8.8fixed in 254.v64da_8176c83a2023-02-15
CVE-2023-25767 [HIGH] CWE-352 CVE-2023-25767: A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e8
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server.
nvd
CVE-2023-25768MEDIUMCVSS 6.5fixed in 254.v64da_8176c83a2023-02-15
CVE-2023-25768 [MEDIUM] CWE-862 CVE-2023-25768: A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
nvd
CVE-2023-25766MEDIUMCVSS 4.3fixed in 254.v64da_8176c83a2023-02-15
CVE-2023-25766 [MEDIUM] CWE-862 CVE-2023-25766: A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
nvd