CVE-2023-32989

CVSS v3.1 8.8 (High)

EPSS 0.09 % (39^th)

Affected Products 1

Advisories 2

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.

Weaknesses

CWE-352: Cross-Site Request Forgery (CSRF)

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2023-05-16 16:15:11
(16 months ago)
Updated Date: 2023-05-25 00:32:07
(16 months ago)

Affected Products

Jenkins

Azure Vm Agents

Configuration #1

		CPE23	From	Up To
	Jenkins Azure Vm Agents for Jenkins 852.v8d35f0960a_43 and prior versions	cpe:2.3:a:jenkins:azure_vm_agents::::::jenkins		<= 852.v8d35f0960a_43