Cross-Site Scripting Vulnerability in Monitoring Plugin for Jenkins
CVE-2014-3678

Currently unrated

Key Information:

Vendor: Jenkins-ci
Status: Monitoring Plugin
Vendor: CVE Published:; 10 October 2014

What is CVE-2014-3678?

The Monitoring plugin for Jenkins prior to version 1.53.0 is susceptible to a cross-site scripting (XSS) vulnerability. This flaw enables remote attackers to inject arbitrary web scripts or HTML code through specific vector attacks, potentially compromising the security of the Jenkins environment and the data processed within it.

References

https://wiki.jenkins-ci.org/display/JENKINS/Monitoring

x_refsource_CONFIRM

http://secunia.com/advisories/59122

third-party-advisoryx_refsource_SECUNIA

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Secu...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2014
Vulnerability Reserved
May 14, 2014

Jenkins-ci

What is CVE-2014-3678?

References

Timeline