Jenkins Health Advisor By Cloudbees


By the Year

In 2020 there have been 3 vulnerabilities in Jenkins Health Advisor By Cloudbees with an average score of 5.8 out of ten. Last year Health Advisor By Cloudbees had 0 security vulnerabilities published. That is, 3 more vulnerabilities have already been reported in 2020 as compared to last year.

Year | Vulnerabilities | Average Score
2020 | 3               | 5.80
2019 | 0               | 0.00
2018 | 0               | 0.00

It may take a day or so for new Health Advisor By Cloudbees vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Jenkins Health Advisor By Cloudbees Security Vulnerabilities

Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view

CVE-2020-2258 4.3 - Medium - September 16, 2020

Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.

CVE-2020-2258 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

AuthZ

A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier

CVE-2020-2093 8.8 - High - January 15, 2020

A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient.

CVE-2020-2093 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

CWE-352

A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier

CVE-2020-2094 4.3 - Medium - January 15, 2020

A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.

CVE-2020-2094 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Incorrect Default Permissions