CVE-2019-1003036
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.jenkins-ci.plugins:azure-vm-agents | <0.8.1 | 0.8.1 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-1003036
- https://github.com/jenkinsci/azure-vm-agents-plugin/commit/6cf1e11778993988ded08eb15ea051541341ec12
- https://github.com/jenkinsci/azure-vm-agents-plugin
- https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331
- http://www.securityfocus.com/bid/107476
Verify integrity in audit chain (admin only). AS-IS.