New CloudBees Jenkins authorization vulnerability

CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration suite developed in the United States by CloudBees.

6:45 PM GMT, Saturday, December 5, 2020

The product is used mainly to monitor continuous software release and test projects, along with some scheduled tasks. The CVS Plugin is a plug-in for using the CVS version control framework inside it.

Jenkins Chaos Monkey Plugin 0.3 and earlier releases contain an authorization vulnerability. The weakness stems from missing authorization checks on several HTTP endpoints, which lets an attacker with overall read (Overall/Read) permission generate load and cause memory leaks.

Solution:

Update
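
To find installs that still need the update, the following added example (not part of the original advisory or of the plugin's code) checks a Jenkins plugin inventory for Chaos Monkey Plugin at 0.3 or earlier. The JSON field names, the `chaos-monkey-plugin` short name and the sample inventory are assumptions constructed for illustration, and the version comparison is a simplified numeric one rather than Jenkins' own ordering.

```python
import json
import re

# Last affected release according to the advisory text ("0.3 and earlier").
LAST_AFFECTED = (0, 3)

# Constructed sample shaped like a /pluginManager/api/json?depth=1 reply.
# The shortName values are assumptions; check what your controller reports.
SAMPLE = json.dumps({"plugins": [
    {"shortName": "chaos-monkey-plugin", "longName": "Chaos Monkey Plugin",
     "version": "0.3", "active": True, "enabled": True},
    {"shortName": "cvs", "longName": "CVS Plugin",
     "version": "2.16", "active": True, "enabled": True},
]})


def parse_version(text):
    # Keep the leading dotted-numeric part; "0.3-SNAPSHOT" is read as 0.3.
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group().split("."))


def is_affected(version, last_affected=LAST_AFFECTED):
    # True when version <= last_affected; pad with zeros so 0.3 == 0.3.0.
    v = parse_version(version)
    width = max(len(v), len(last_affected))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) <= pad(last_affected)


def audit(plugin_json, name_pattern=r"chaos.?monkey"):
    # Return matching plugins whose version still falls in the affected range.
    findings = []
    for plugin in json.loads(plugin_json).get("plugins", []):
        names = f"{plugin.get('shortName', '')} {plugin.get('longName', '')}"
        if not re.search(name_pattern, names, re.IGNORECASE):
            continue
        if is_affected(plugin.get("version", "")):
            findings.append({"plugin": plugin.get("shortName"),
                             "version": plugin["version"],
                             "loaded": bool(plugin.get("active") and plugin.get("enabled"))})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A pre-release qualifier such as `0.3-SNAPSHOT` is deliberately reported as affected, so a build of unknown provenance is not passed over.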