Lucene search

[email protected]CVE-2023-32988

HistoryMay 16, 2023 - 4:15 p.m.

CVE-2023-32988

2023-05-1616:15:11

CWE-522

[email protected]

web.nvd.nist.gov

cve-2023-32988

jenkins

azure vm agents plugin

permission check

enumeration

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.5%

JSON

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CPENameOperatorVersion
jenkins:azure_vm_agentsjenkins azure vm agentsle852.v8d35f0960a_43
jenkins:azure_vm_agentsjenkins azure vm agentseq0.4.4
jenkins:azure_vm_agentsjenkins azure vm agentseq0.9.0
jenkins:azure_vm_agentsjenkins azure vm agentseq0.4.1
jenkins:azure_vm_agentsjenkins azure vm agentseq0.7.1
jenkins:azure_vm_agentsjenkins azure vm agentseq0.4.0
jenkins:azure_vm_agentsjenkins azure vm agentseq0.4.3
jenkins:azure_vm_agentsjenkins azure vm agentseq0.6.1
jenkins:azure_vm_agentsjenkins azure vm agentseq0.7.0
jenkins:azure_vm_agentsjenkins azure vm agentseq0.4.7

CPE	Name	Operator	Version
jenkins:azure_vm_agents	jenkins azure vm agents	le	852.v8d35f0960a_43
jenkins:azure_vm_agents	jenkins azure vm agents	eq	0.4.4
jenkins:azure_vm_agents	jenkins azure vm agents	eq	0.9.0
jenkins:azure_vm_agents	jenkins azure vm agents	eq	0.4.1
jenkins:azure_vm_agents	jenkins azure vm agents	eq	0.7.1
jenkins:azure_vm_agents	jenkins azure vm agents	eq	0.4.0
jenkins:azure_vm_agents	jenkins azure vm agents	eq	0.4.3
jenkins:azure_vm_agents	jenkins azure vm agents	eq	0.6.1
jenkins:azure_vm_agents	jenkins azure vm agents	eq	0.7.0
jenkins:azure_vm_agents	jenkins azure vm agents	eq	0.4.7

Rows per page:

1-10 of 261

References

www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2855%20(1)

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.5%

JSON

Related for CVE-2023-32988

prion1 alpinelinux1 veracode1 osv2 cvelist1 github1 nessus1