CVE-2023-32989

2023-05-1616:15:11

Google

osv.dev

cve-2023-32989

csrf

jenkins azure vm agents plugin

azure cloud

credentials ids

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.

CPENameOperatorVersion
azure-vm-agents-plugineq822.v3a18fc3d2de1
azure-vm-agents-plugineq805.v424cc2981d7a
azure-vm-agents-plugineq778.va3924310a4eb
azure-vm-agents-plugineqazure-vm-agents-1.5.3
azure-vm-agents-plugineq795.vd5903dae1139
azure-vm-agents-plugineq806.vae775cde5efa
azure-vm-agents-plugineq801.v37f3eab68cf0
azure-vm-agents-plugineq780.v50d067d02f76
azure-vm-agents-plugineqazure-vm-agents-0.5.0
azure-vm-agents-plugineqazure-vm-agents-1.0.0

Name	Operator	Version
azure-vm-agents-plugin	eq	822.v3a18fc3d2de1
azure-vm-agents-plugin	eq	805.v424cc2981d7a
azure-vm-agents-plugin	eq	778.va3924310a4eb
azure-vm-agents-plugin	eq	azure-vm-agents-1.5.3
azure-vm-agents-plugin	eq	795.vd5903dae1139
azure-vm-agents-plugin	eq	806.vae775cde5efa
azure-vm-agents-plugin	eq	801.v37f3eab68cf0
azure-vm-agents-plugin	eq	780.v50d067d02f76
azure-vm-agents-plugin	eq	azure-vm-agents-0.5.0
azure-vm-agents-plugin	eq	azure-vm-agents-1.0.0