21 matches found
EUVD-2023-1608
Malicious code in bioql PyPI...
EUVD-2022-2189
Malicious code in bioql PyPI...
CVE-2023-32990
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32988
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-32989
A cross-site request forgery CSRF vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32990
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32990
CVE-2023-32990 affects Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier. The root cause is missing permission checks in several HTTP endpoints, which allows attackers with Overall/Read permission to connect to an attacker-selected Azure Cloud server using credentials IDs obtained by ...
CVE-2023-32989
A cross-site request forgery CSRF vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...
CVE-2023-32989
CVE-2023-32989 describes a CSRF vulnerability in Jenkins Azure VM Agents Plugin (852.v8d35f0960a_43 and earlier). The flaw allows attackers with Overall/Read permission to connect to an attacker‑specified Azure Cloud server using attacker‑specified credentials IDs obtained through another method,...
CVE-2023-32988
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-32988
CVE-2023-32988 affects Jenkins Azure VM Agents Plugin (852.v8d35f0960a_43 and earlier). The issue is a missing permission check on several HTTP endpoints, allowing users with Overall/Read permissions to enumerate credentials IDs stored in Jenkins. Exploitation details are not provided in the conn...
PT-2023-24120 · Jenkins · Jenkins Azure Vm Agents Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure VM Agents Plugin versions 852.v8d35f0960a 43 and earlier Description: A missing permission check in the Jenkins Azure VM Agents Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials...
Information disclosure
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2019-1003035
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the...
CVE-2019-1003037
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2019-1003036
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent...
CVE-2019-1003035
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the...
CVE-2019-1003037
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2019-1003037
Jenkins Azure VM Agents Plugin
CVE-2019-1003035
CVE-2019-1003035 concerns the Jenkins Azure VM Agents Plugin (versions 0.8.0 and earlier). The vulnerability is an information exposure where attackers with Overall/Read permission can trigger the verify configuration form validation action to obtain limited details about the Azure configuration....