GHSA-3hg6-c7f8-3348

Source

https://github.com/advisories/GHSA-3hg6-c7f8-3348

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3hg6-c7f8-3348/GHSA-3hg6-c7f8-3348.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-3hg6-c7f8-3348

Aliases

CVE-2019-1003035

Published

2022-05-13T01:15:07Z

Modified

2023-12-14T18:41:44.932867Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Information disclosure in Azure VM Agents Plugin

Details

An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.

Database specific

{
    "cwe_ids": [
        "CWE-862"
    ],
    "nvd_published_at": "2019-03-08T21:29:00Z",
    "github_reviewed_at": "2023-12-14T18:22:25Z",
    "github_reviewed": true,
    "severity": "MODERATE"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:azure-vm-agents

Package

Name: org.jenkins-ci.plugins:azure-vm-agents; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/azure-vm-agents

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.1

Affected versions

0.*

0.4.0

0.4.1

0.4.2

0.4.3

0.4.4

0.4.5

0.4.5.1

0.4.6

0.4.7

0.4.7.1

0.4.8

0.5.0

0.6.0

0.6.1

0.6.2

0.7.0

0.7.1

0.7.2

0.7.2.1

0.7.3

0.7.4

0.7.5

0.8.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3hg6-c7f8-3348/GHSA-3hg6-c7f8-3348.json"

last_known_affected_version_range

"<= 0.8.0"