CVE-2023-32989

Cross-Site Request Forgery (CSRF) in maven/org.jenkins-ci.plugins/azure-vm-agents

Identifiers

GHSA-26j3-4m55-j6r7, CVE-2023-32989

Package Slug

maven/org.jenkins-ci.plugins/azure-vm-agents

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.

Affected Versions

All versions before 853.v4a

Solution

Upgrade to version 853.v4a or above.

Last Modified

2023-05-17

source