Vulnerabilities > Jenkins > Azure Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-15 | CVE-2023-25766 | Missing Authorization vulnerability in Jenkins Azure Credentials A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2023-02-15 | CVE-2023-25767 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Azure Credentials A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. | 8.8 |
2023-02-15 | CVE-2023-25768 | Missing Authorization vulnerability in Jenkins Azure Credentials A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | 6.5 |