Known vulnerabilities in the org.jvnet.hudson.plugins:monitoring package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
org.jvnet.hudson.plugins:monitoring is a Maven plugin for monitoring of Jenkins. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). An attacker may kill threads running on the Jenkins master which can lead to denial of service. NOTE: Monitoring Plugin does not take into account configuration changes applied after Jenkins startup or after Monitoring Plugin finishes loading. Administrators need to restart Jenkins when enabling or disabling the CSRF protection configuration to apply the change to Monitoring Plugin. How to fix Cross-site Request Forgery (CSRF)? Upgrade | [,1.75) |
org.jvnet.hudson.plugins:monitoring is a Plugin for JavaMelody to monitor performance in a Jenkins server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. A malicious user could inject arbitrary web script or HTML via unspecified vectors. How to fix Cross-site Scripting (XSS)? Upgrade | [,1.53) |
org.jvnet.hudson.plugins:monitoring is a Plugin for JavaMelody to monitor performance in a Jenkins server. Affected versions of this package are vulnerable to Information Exposure. A malicious user could obtain sensitive information by accessing unspecified pages. How to fix Information Exposure? Upgrade | [,1.53.0) |