GHSA-rv6g-3v76-cvf9, CVE-2023-32990
maven/org.jenkins-ci.plugins/azure-vm-agents
Cross-Site Request Forgery (CSRF)
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.
All versions before 853.v4a
Upgrade to version 853.v4a or above.
2023-05-17
source |