Maven package
org.jenkins-ci.plugins/azure-credentials
pkg:maven/org.jenkins-ci.plugins/azure-credentials
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-25768 | — | < 254.v64da_8176c83a | 254.v64da_8176c83a | Feb 15, 2023 | A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | ||
| CVE-2023-25767 | — | < 254.v64da_8176c83a | 254.v64da_8176c83a | Feb 15, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. | ||
| CVE-2023-25766 | — | < 254.v64da | 254.v64da | Feb 15, 2023 | A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
- CVE-2023-25768Feb 15, 2023affected < 254.v64da_8176c83afixed 254.v64da_8176c83a
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
- CVE-2023-25767Feb 15, 2023affected < 254.v64da_8176c83afixed 254.v64da_8176c83a
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server.
- CVE-2023-25766Feb 15, 2023affected < 254.v64dafixed 254.v64da
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.