CVE-2019-1003035
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.
Existe una vulnerabilidad de exposición de información en el plugin Jenkins Azure VM Agents, en versiones 0.8.0 y anteriores, en src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java y src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java que permite a los atacantes con permisos de "Overall/Read" realizar la acción de validación de formularios "verify configuration", obteniendo así información limitada sobre la configuración Azure.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-08 CVE Reserved
- 2019-03-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/107476 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1330 | 2023-10-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Jenkins Search vendor "Jenkins" | Azure Vm Agents Search vendor "Jenkins" for product "Azure Vm Agents" | <= 0.8.0 Search vendor "Jenkins" for product "Azure Vm Agents" and version " <= 0.8.0" | jenkins |
Affected
| ||||||