Vulnerabilities > Jenkins > Azure VM Agents > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-16 CVE-2023-32990 Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Azure VM Agents
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.
network
low complexity
jenkins CWE-732
6.5
2023-05-16 CVE-2023-32988 Insufficiently Protected Credentials vulnerability in Jenkins Azure VM Agents
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-522
4.3
2019-03-08 CVE-2019-1003037 Missing Authorization vulnerability in Jenkins Azure VM Agents
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
2019-03-08 CVE-2019-1003036 Missing Authorization vulnerability in Jenkins Azure VM Agents
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent.
network
low complexity
jenkins CWE-862
4.3
2019-03-08 CVE-2019-1003035 Missing Authorization vulnerability in Jenkins Azure VM Agents
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.
network
low complexity
jenkins CWE-862
4.3