Data Modification Vulnerability in Jenkins Azure VM Agents Plugin
CVE-2019-1003036

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Azure Vm Agents Plugin
Vendor: CVE Published:; 8 March 2019

What is CVE-2019-1003036?

A data modification vulnerability affects the Jenkins Azure VM Agents Plugin version 0.8.0 and earlier. This flaw allows attackers granted with Overall/Read permission to manipulate the configuration by attaching a public IP address to an Azure VM agent. The implications of this vulnerability could lead to unauthorized network exposure, putting data integrity and cloud resources at risk. Users are advised to update to the latest version to mitigate this risk effectively.

Affected Version(s)

Jenkins Azure VM Agents Plugin 0.8.0 and earlier

References

https://jenkins.io/security/advisory/2019-03-06/#SECURITY...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/107476

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 8, 2019
Vulnerability Reserved
Mar 8, 2019