Missing Permission Check in Jenkins Azure VM Agents Plugin
CVE-2023-32988

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Azure Vm Agents Plugin
Vendor: CVE Published:; 16 May 2023

What is CVE-2023-32988?

The Jenkins Azure VM Agents Plugin contains a vulnerability due to a missing permission check, which can be exploited by unauthorized users with Overall/Read permissions. This flaw allows attackers to list credential IDs stored in Jenkins, potentially compromising sensitive information related to the Jenkins environment. Users are advised to upgrade to the latest version to mitigate this risk. For detailed information, refer to the Jenkins Security Advisory.

Affected Version(s)

Jenkins Azure VM Agents Plugin 0 <= 852.v8d35f0960a_43

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECU...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2023
Vulnerability Reserved
May 16, 2023