Information Exposure in Jenkins Azure VM Agents Plugin by Microsoft
CVE-2019-1003035

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Azure Vm Agents Plugin
Vendor: CVE Published:; 8 March 2019

What is CVE-2019-1003035?

An information exposure vulnerability in the Jenkins Azure VM Agents Plugin allows users with Overall/Read permissions to exploit the 'verify configuration' functionality. This could enable attackers to gain access to sensitive information regarding the Azure configuration settings, potentially misusing this data for unauthorized access or other malicious purposes.

Affected Version(s)

Jenkins Azure VM Agents Plugin 0.8.0 and earlier

References

https://jenkins.io/security/advisory/2019-03-06/#SECURITY...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/107476

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 8, 2019
Vulnerability Reserved
Mar 8, 2019