io.jenkins.plugins:chaos-monkey

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting io.jenkins.plugins:chaos-monkeypage 1 of 1

CVE-2020-2322HIGHCVSS 7.5EG 7.5✓ Fixed in 0.4
2020-12-03
vulnerable: 0.1, 0.2, 0.3
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.
CVE-2020-2323MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.4.1
2020-12-03
vulnerable: 0.1, 0.2, 0.3, 0.4
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.

Check whether io.jenkins.plugins:chaos-monkey is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for io.jenkins.plugins:chaos-monkey CVEs against the assets you own.

Start Free Scan →