1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-1330

[JENKINS:SECURITY-1330] Information disclosure in Azure VM Agents Plugin

Severity Medium
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

A missing permission check in a form validation method in Azure VM Agents Plugin allowed users with Overall/Read access to verify a submitted configuration, obtaining limited information about the Azure account and configuration.

Additionally, this form validation method did not require POST requests, resulting in a potential CSRF vulnerability.

This form validation method now requires POST requests and Overall/Administer permissions.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/azure-vm-agents <= 0.8.0
pkg:github/jenkinsci/azure-vm-agents-plugin <= 0.8.0
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/azure-vm-agents = 0.8.1
pkg:github/jenkinsci/azure-vm-agents-plugin = 0.8.1
ID
JENKINS:SECURITY-1330
Severity
medium
Published
2019-03-06T00:00:00
(5 years ago)
Modified
2019-03-06T00:00:00
(5 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository azure-vm-agents repository https://github.com/jenkinsci/azure-vm-agents-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/azure-vm-agents org.jenkins-ci.plugins azure-vm-agents <= 0.8.0
Fixed pkg:maven/org.jenkins-ci.plugins/azure-vm-agents org.jenkins-ci.plugins azure-vm-agents = 0.8.1
Affected pkg:github/jenkinsci/azure-vm-agents-plugin jenkinsci azure-vm-agents-plugin <= 0.8.0
Fixed pkg:github/jenkinsci/azure-vm-agents-plugin jenkinsci azure-vm-agents-plugin = 0.8.1
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date