1. CVE-Search
  2. CVE-2019-1003037
ID CVE-2019-1003037
Summary An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:azure_vm_agents:0.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.4.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.4.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.4.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.4.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.4.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.4.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.4.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.4.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.4.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.4.5.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.4.5.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.4.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.4.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.4.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.4.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.4.7.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.4.7.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.4.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.4.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.5.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.6.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.6.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.6.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.6.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.7.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.7.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.7.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.7.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.7.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.7.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.7.2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.7.2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.7.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.7.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.7.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.7.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.7.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.7.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:azure_vm_agents:0.8.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:azure_vm_agents:0.8.0:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 25-10-2023 - 18:16)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 107476
confirm https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1332
Last major update 25-10-2023 - 18:16
Published 08-03-2019 - 21:29
Last modified 25-10-2023 - 18:16
Back to Top