Lucene search
JenkinsCVE-2023-25766HistoryFeb 15, 2023 - 2:15 p.m.
CVE-2023-25766
2023-02-1514:15:13
CWE-862
jenkins
web.nvd.nist.gov
41
cve-2023-25766
jenkins
azure
credentials plugin
nvd
security flaw
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
4.4
Confidence
High
EPSS
0.001
Percentile
22.8%
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Affected configurations
Node
jenkinsazure_credentialsRange<254.v64da_8176c83ajenkins
| Vendor | Product | Version | CPE |
|---|---|---|---|
| jenkins | azure_credentials | * | cpe:2.3:a:jenkins:azure_credentials:*:*:*:*:*:jenkins:*:* |
CNA Affected
[
{
"product": "Jenkins Azure Credentials Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "253.v887e0f9e898b",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
github
github
Missing Authorization in Jenkins Azure Credentials Plugin
2023-02-15 15:30:40
nvd
nvd
CVE-2023-25766
2023-02-15 14:15:13
osv
osv
Missing Authorization in Jenkins Azure Credentials Plugin
2023-02-15 15:30:40
cvelist
cvelist
CVE-2023-25766
2023-02-15 00:00:00
prion
prion
Information disclosure
2023-02-15 14:15:00
alpinelinux
alpinelinux
CVE-2023-25766
2023-02-15 14:15:13
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
4.4
Confidence
High
EPSS
0.001
Percentile
22.8%
Related for CVE-2023-25766