PT-2020-15557 · Jenkins · Jenkins Chaos Monkey Plugin

Published: 2020-12-03 · Updated: 2023-10-25 · CVE-2020-2323

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Chaos Monkey Plugin versions 0.4 and earlier

Description

The issue allows attackers with Overall/Read permission to access the Chaos Monkey page and see the history of actions due to a lack of permission checks in an HTTP endpoint.

Recommendations

For Jenkins Chaos Monkey Plugin versions 0.4 and earlier, update to version 0.4.1 or later, which requires Overall/Administer permission to access the Chaos Monkey page and view the history of actions.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-2323
GHSA-HX53-635R-VMV8

Affected Products

Jenkins Chaos Monkey Plugin