[MAVEN:GHSA-M33C-CJJJ-2MG4] Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration
Severity
Moderate
Affected Packages
1
Fixed Packages
1
CVEs
1
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/azure-vm-agents | <= 0.8.0 |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/azure-vm-agents | = 0.8.1 |
- ID
- MAVEN:GHSA-M33C-CJJJ-2MG4
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-m33c-cjjj-2mg4
- Published
-
2022-05-13T01:15:08
(2 years ago) - Modified
-
2023-12-14T18:23:15
(9 months ago) - Rights
- Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/azure-vm-agents | org.jenkins-ci.plugins | azure-vm-agents | <= 0.8.0 | |||
Fixed | pkg:maven/org.jenkins-ci.plugins/azure-vm-agents | org.jenkins-ci.plugins | azure-vm-agents | = 0.8.1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |