Description
Missing permission checks in Jenkins Chaos Monkey Plugin
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints.
This allows attackers with Overall/Read permission to generate load and to generate memory leaks.
Jenkins Chaos Monkey Plugin 0.4 requires Overall/Administer permission to generate load and to generate memory leaks.
Packages
Name: io.jenkins.plugins:chaos-monkey (maven)
Affected versions: <= 0.3
Fixed version: 0.4
Related vulnerabilities
CVSS3: 7.5
nvd
about 5 years ago
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.