Maven package
io.jenkins.plugins/chaos-monkey
pkg:maven/io.jenkins.plugins/chaos-monkey
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-2323 | Med | 5.3 | < 0.4.1 | 0.4.1 | Dec 3, 2020 | Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. | |
| CVE-2020-2322 | Hig | 7.5 | < 0.4 | 0.4 | Dec 3, 2020 | Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. |
- affected < 0.4.1fixed 0.4.1
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
- affected < 0.4fixed 0.4
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.