Jenkins Health Advisor By Cloudbees
By the Year
In 2020 there have been 3 vulnerabilities in Jenkins Health Advisor By Cloudbees with an average score of 5.8 out of ten. Last year Health Advisor By Cloudbees had 0 security vulnerabilities published. That is, 3 more vulnerabilities have already been reported in 2020 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2020 | 3 | 5.80 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Health Advisor By Cloudbees vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Jenkins Health Advisor By Cloudbees Security Vulnerabilities
Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view
CVE-2020-2258
4.3 - Medium
- September 16, 2020
Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.
CVE-2020-2258 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
AuthZ
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier
CVE-2020-2093
8.8 - High
- January 15, 2020
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient.
CVE-2020-2093 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
352
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier
CVE-2020-2094
4.3 - Medium
- January 15, 2020
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.
CVE-2020-2094 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Incorrect Default Permissions