Skip to main content

Azure Credentials

3 CVEs product

Monthly

CVE-2023-25768 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Authentication Bypass Azure Credentials
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25767 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Microsoft CSRF Azure Credentials
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25766 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Authentication Bypass Azure Credentials
NVD
CVSS 3.1
4.3
EPSS
0.5%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Microsoft CSRF +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Authentication Bypass +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy