CVE-2014-3678: XSS
First published: Fri Oct 10 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins External Monitor Job Type | <=1.52.1 | |
| Jenkins External Monitor Job Type | =1.40.0 | |
| Jenkins External Monitor Job Type | =1.41.0 | |
| Jenkins External Monitor Job Type | =1.42.0 | |
| Jenkins External Monitor Job Type | =1.43.0 | |
| Jenkins External Monitor Job Type | =1.44.0 | |
| Jenkins External Monitor Job Type | =1.45.0 | |
| Jenkins External Monitor Job Type | =1.46.0 | |
| Jenkins External Monitor Job Type | =1.47.0 | |
| Jenkins External Monitor Job Type | =1.48.0 | |
| Jenkins External Monitor Job Type | =1.49.0 | |
| Jenkins External Monitor Job Type | =1.50.0 | |
| Jenkins External Monitor Job Type | =1.51.0 | |
| Jenkins External Monitor Job Type | =1.52.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3678?
CVE-2014-3678 has a medium severity rating due to its cross-site scripting (XSS) vulnerability that could allow attackers to inject malicious scripts.
How do I fix CVE-2014-3678?
To fix CVE-2014-3678, upgrade the Jenkins Monitoring plugin to version 1.53.0 or later.
What types of software are affected by CVE-2014-3678?
CVE-2014-3678 affects various versions of the Jenkins Monitoring plugin prior to 1.53.0.
What is the impact of CVE-2014-3678?
The impact of CVE-2014-3678 includes the potential for remote attackers to execute arbitrary web scripts or HTML in the context of the affected application.
Can CVE-2014-3678 be exploited in a non-authenticated context?
Yes, CVE-2014-3678 can potentially be exploited by unauthenticated remote attackers, increasing its risk.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/jenkins-ci
- canonical/jenkins external monitor job type
- version/jenkins external monitor job type/1.52.1
- version/jenkins external monitor job type/1.40.0
- version/jenkins external monitor job type/1.41.0
- version/jenkins external monitor job type/1.42.0
- version/jenkins external monitor job type/1.43.0
- version/jenkins external monitor job type/1.44.0
- version/jenkins external monitor job type/1.45.0
- version/jenkins external monitor job type/1.46.0
- version/jenkins external monitor job type/1.47.0
- version/jenkins external monitor job type/1.48.0
- version/jenkins external monitor job type/1.49.0
- version/jenkins external monitor job type/1.50.0
- version/jenkins external monitor job type/1.51.0
- version/jenkins external monitor job type/1.52.0