6 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2855%20(2) • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2855%20(2) • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2855%20(1) • CWE-522: Insufficiently Protected Credentials •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Existe una vulnerabilidad de exposición de información en el plugin de Jenkins Azure VM Agents, en versiones 0.8.0 y anteriores, en src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java que permite a los atacantes con permisos "Overall/Read" enumerar los ID de credenciales de credenciales almacenadas en Jenkins. • http://www.securityfocus.com/bid/107476 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1332 • CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. Una vulnerabilidad de modificación de datos en el plugin de Jenkins Azure VM Agents, en versiones 0.8.0 y anteriores, en src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java que permite a los atacantes con permisos de "Overall/Read" adjuntar una red IP pública a un agente de Azure VM. • http://www.securityfocus.com/bid/107476 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331 • CWE-862: Missing Authorization •