Описание
Missing permission checks in Jenkins Chaos Monkey Plugin
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint.
This allows attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
Jenkins Chaos Monkey Plugin 0.4.1 requires Overall/Administer permission to access the Chaos Monkey page and to see the history of actions.
Пакеты
Наименование
io.jenkins.plugins:chaos-monkey
maven
Затронутые версииВерсия исправления
<= 0.4
0.4.1
Связанные уязвимости
CVSS3: 5.3
nvd
около 5 лет назад
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.