Jenkins Azure Service Fabric Plugin Missing Permission Check Vulnerability

Vulnerability

A missing permission check in the Jenkins Azure Service Fabric Plugin, versions through 1.6, allows attackers with Overall/Read permission to enumerate the IDs of Azure credentials stored in Jenkins. The enumerated IDs could then be used to capture the corresponding credentials by way of another vulnerability.

Impact

Exploitation of this vulnerability allows for the enumeration of Azure credential IDs, which could be used to capture the corresponding credentials through another vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.