Jenkins Project Jenkins Azure Vm Agents Plugin vulnerabilities
6 known vulnerabilities affecting jenkins_project/jenkins_azure_vm_agents_plugin.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2023-32989HIGHCVSS 8.8≤ 852.v8d35f0960a_432023-05-16
CVE-2023-32989 [HIGH] CWE-352 CVE-2023-32989: A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.
cvelistv5nvd
CVE-2023-32988MEDIUMCVSS 4.3≤ 852.v8d35f0960a_432023-05-16
CVE-2023-32988 [MEDIUM] CWE-522 CVE-2023-32988: A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows a
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
cvelistv5nvd
CVE-2023-32990MEDIUMCVSS 6.5≤ 852.v8d35f0960a_432023-05-16
CVE-2023-32990 [MEDIUM] CWE-732 CVE-2023-32990: A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows a
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.
cvelistv5nvd
CVE-2019-1003035MEDIUMCVSS 4.3v0.8.0 and earlier2019-03-08
CVE-2019-1003035 [MEDIUM] CWE-862 CVE-2019-1003035: An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereb
cvelistv5nvd
CVE-2019-1003036MEDIUMCVSS 4.3v0.8.0 and earlier2019-03-08
CVE-2019-1003036 [MEDIUM] CWE-862 CVE-2019-1003036: A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent.
cvelistv5nvd
CVE-2019-1003037MEDIUMCVSS 6.5v0.8.0 and earlier2019-03-08
CVE-2019-1003037 [MEDIUM] CWE-862 CVE-2019-1003037: An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
cvelistv5nvd