CVE-2014-3678

2014-10-1014:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-3678

cross-site scripting

xss

jenkins

monitoring plugin

security vulnerability

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.6%

JSON

Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
jenkins-ci:monitoring_pluginjenkins-ci monitoring plugineq1.50.0
jenkins-ci:monitoring_pluginjenkins-ci monitoring plugineq1.52.0
jenkins-ci:monitoring_pluginjenkins-ci monitoring plugineq1.48.0
jenkins-ci:monitoring_pluginjenkins-ci monitoring pluginle1.52.1
jenkins-ci:monitoring_pluginjenkins-ci monitoring plugineq1.40.0
jenkins-ci:monitoring_pluginjenkins-ci monitoring plugineq1.46.0
jenkins-ci:monitoring_pluginjenkins-ci monitoring plugineq1.49.0
jenkins-ci:monitoring_pluginjenkins-ci monitoring plugineq1.42.0
jenkins-ci:monitoring_pluginjenkins-ci monitoring plugineq1.45.0
jenkins-ci:monitoring_pluginjenkins-ci monitoring plugineq1.44.0

CPE	Name	Operator	Version
jenkins-ci:monitoring_plugin	jenkins-ci monitoring plugin	eq	1.50.0
jenkins-ci:monitoring_plugin	jenkins-ci monitoring plugin	eq	1.52.0
jenkins-ci:monitoring_plugin	jenkins-ci monitoring plugin	eq	1.48.0
jenkins-ci:monitoring_plugin	jenkins-ci monitoring plugin	le	1.52.1
jenkins-ci:monitoring_plugin	jenkins-ci monitoring plugin	eq	1.40.0
jenkins-ci:monitoring_plugin	jenkins-ci monitoring plugin	eq	1.46.0
jenkins-ci:monitoring_plugin	jenkins-ci monitoring plugin	eq	1.49.0
jenkins-ci:monitoring_plugin	jenkins-ci monitoring plugin	eq	1.42.0
jenkins-ci:monitoring_plugin	jenkins-ci monitoring plugin	eq	1.45.0
jenkins-ci:monitoring_plugin	jenkins-ci monitoring plugin	eq	1.44.0