Vulnerabilities > CVE-2020-2323 - Missing Authorization vulnerability in Netflix Chaos Monkey 0.3/0.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |