cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-32990,https://securityvulnerability.io/vulnerability/CVE-2023-32990,Improper Permission Check in Jenkins Azure VM Agents Plugin by Jenkins,"A vulnerability exists in the Jenkins Azure VM Agents Plugin that permits authenticated attackers with Overall/Read permission to connect to arbitrary Azure Cloud servers. This is achieved by exploiting a missing permission check that allows the use of attacker-specified credential IDs. This flaw can lead to unauthorized access to sensitive cloud resources, potentially compromising the security of the deployed environment. Organizations using this plugin should assess their configurations and apply any necessary patches as soon as possible to mitigate this risk.",Jenkins,Jenkins Azure Vm Agents Plugin,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-05-16T17:15:00.000Z,0
CVE-2023-32988,https://securityvulnerability.io/vulnerability/CVE-2023-32988,Missing Permission Check in Jenkins Azure VM Agents Plugin,"The Jenkins Azure VM Agents Plugin contains a vulnerability due to a missing permission check, which can be exploited by unauthorized users with Overall/Read permissions. This flaw allows attackers to list credential IDs stored in Jenkins, potentially compromising sensitive information related to the Jenkins environment. Users are advised to upgrade to the latest version to mitigate this risk. For detailed information, refer to the Jenkins Security Advisory.",Jenkins,Jenkins Azure Vm Agents Plugin,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-05-16T16:15:00.000Z,0
CVE-2023-32989,https://securityvulnerability.io/vulnerability/CVE-2023-32989,Cross-Site Request Forgery in Jenkins Azure VM Agents Plugin,"The Jenkins Azure VM Agents Plugin is vulnerable to a cross-site request forgery (CSRF) attack, which could allow an attacker to establish connections to an Azure Cloud server of their choosing. By utilizing specific credential IDs—potentially obtained through other malicious means—an attacker may exploit this vulnerability to gain unauthorized access and control over Azure resources.",Jenkins,Jenkins Azure Vm Agents Plugin,8.8,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2023-05-16T16:15:00.000Z,0
CVE-2019-1003036,https://securityvulnerability.io/vulnerability/CVE-2019-1003036,,A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent.,Jenkins,Jenkins Azure Vm Agents Plugin,4.3,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2019-03-08T21:00:00.000Z,0
CVE-2019-1003037,https://securityvulnerability.io/vulnerability/CVE-2019-1003037,,An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.,Jenkins,Jenkins Azure Vm Agents Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2019-03-08T21:00:00.000Z,0
CVE-2019-1003035,https://securityvulnerability.io/vulnerability/CVE-2019-1003035,,"An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.",Jenkins,Jenkins Azure Vm Agents Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-03-08T21:00:00.000Z,0