PT-2020-15556 · Jenkins · Jenkins Chaos Monkey Plugin
Published 2020-12-03 · Updated 2023-10-25 · CVE-2020-2322
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Chaos Monkey Plugin versions 0.3 and earlier
Description
Several HTTP endpoints of the Jenkins Chaos Monkey Plugin do not perform permission checks. This allows attackers with Overall/Read permission to generate load and to generate memory leaks.
Recommendations
For Jenkins Chaos Monkey Plugin versions 0.3 and earlier, update to version 0.4 or later, which requires Overall/Administer permission to generate load and to generate memory leaks.
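The defect and its fix follow a standard Jenkins pattern: a Stapler web method (a `doXxx` method on an action) is reachable by anyone who can read the containing object unless the method itself checks a permission. The following is an added illustration written for this page, not code from the Chaos Monkey Plugin; the class name, URL path and method names are hypothetical, and the load generation is a trivial stand-in. It shows the unchecked form next to the hardened form that requires Overall/Administer, as the 0.4 fix is described above.

```java
import hudson.Extension;
import hudson.model.RootAction;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.interceptor.RequirePOST;

// Hypothetical root action added to illustrate the missing-authorization pattern
// behind CVE-2020-2322. It is NOT the Chaos Monkey Plugin's own code.
@Extension
public class LoadEndpointExample implements RootAction {

    @Override public String getIconFileName() { return null; }      // no sidebar link
    @Override public String getDisplayName()  { return null; }
    @Override public String getUrlName()      { return "load-example"; } // hypothetical path

    // BEFORE (the vulnerable shape): reachable at /load-example/generateLoadUnchecked
    // by any user who can browse Jenkins at all, because Stapler only needs the
    // Overall/Read permission that lets it resolve the URL. Nothing here asks
    // whether the caller should be allowed to trigger expensive work.
    public HttpResponse doGenerateLoadUnchecked() {
        generateLoad();
        return HttpResponses.ok();
    }

    // AFTER (what the fixed version is described as doing): require
    // Overall/Administer before doing anything. checkPermission throws an
    // access-denied exception that Stapler renders as HTTP 403, so the work
    // below never runs for non-administrators. @RequirePOST additionally
    // rejects GET requests, so the endpoint cannot be triggered by a plain link.
    @RequirePOST
    public HttpResponse doGenerateLoad() {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        generateLoad();
        return HttpResponses.ok();
    }

    // Stand-in for the plugin's load generation; deliberately trivial here.
    private static void generateLoad() {
        long sink = 0;
        for (int i = 0; i < 1_000_000; i++) {
            sink += i;
        }
    }
}
```

When reviewing a plugin for this class of bug, list every `doXxx` method (and every `getXxx` that returns an object with further web methods) and confirm that each one either calls `checkPermission` with the permission that matches its side effect or is intentionally read-only; an `@Extension` action with no permission check is exactly the shape this advisory describes.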
Fix
Missing Authorization
Memory Leak
Related Identifiers
Affected Products
Jenkins Chaos Monkey Plugin