CVE-2014-3679: Jenkins Monitoring Plugin Reveals Sensitive Information via Unspecified Pages
(updated )
The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages.
References
- github.com/advisories/GHSA-qwc3-p5pc-q93h
- github.com/jenkinsci/monitoring-plugin
- github.com/jenkinsci/monitoring-plugin/commit/f0f6aeef2032696c97d4b015dd51fa2b841b0473
- nvd.nist.gov/vuln/detail/CVE-2014-3679
- wiki.jenkins-ci.org/display/JENKINS/Monitoring
- wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
Detect and mitigate CVE-2014-3679 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →