Vulnerability Description
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Azure Vm Agents | <= 0.8.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107476Third Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1330Vendor Advisory
- http://www.securityfocus.com/bid/107476Third Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1330Vendor Advisory
FAQ
What is CVE-2019-1003035?
CVE-2019-1003035 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azu...
How severe is CVE-2019-1003035?
CVE-2019-1003035 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1003035?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Azure Vm Agents.