Jenkins Azure Service Fabric Plugin Vulnerability Exposes Azure Credentials
CVE-2025-24403

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Azure Service Fabric Plugin
Vendor: CVE Published:; 22 January 2025

Summary

The Jenkins Azure Service Fabric Plugin, version 1.6 and prior, contains a critical security flaw due to a missing permission check. This vulnerability enables attackers who possess Overall/Read permissions to enumerate credential IDs of Azure credentials stored within Jenkins. This unauthorized access could potentially lead to further exploitation of sensitive data, emphasizing the need for prompt security patches and updates to safeguard configurations.

Affected Version(s)

Jenkins Azure Service Fabric Plugin 0 <= 1.6

References

https://www.jenkins.io/security/advisory/2025-01-22/#SECU...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 22, 2025
Vulnerability Reserved
Jan 21, 2025