<p>Upgrade <code>org.jvnet.hudson.plugins:monitoring</code> to version 1.75 or higher.</p>

Cross-site Request Forgery (CSRF) Affecting org.jvnet.hudson.plugins:monitoring package, versions [,1.75)

Snyk CVSS

Attack Complexity Low

User Interaction Required

Threat Intelligence

EPSS 0.05% (19^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGJVNETHUDSONPLUGINS-173674
published 6 Feb 2019
disclosed 6 Feb 2019
credit Daniel Beck, CloudBees, Inc.

Report a new vulnerability Found a mistake?

Introduced: 6 Feb 2019

CVE-2019-1003022 Open this link in a new tab CWE-352 Open this link in a new tab

How to fix?

Upgrade org.jvnet.hudson.plugins:monitoring to version 1.75 or higher.

Overview

org.jvnet.hudson.plugins:monitoring is a maven pugin for monitoring of Jenkins.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). An attacker may kill threads running on the Jenkins master which can lead to denial of service. NOTE: Monitoring Plugin does not take into account configuration changes applied after Jenkins startup or after Monitoring Plugin finishes loading. Administrators need to restart Jenkins when enabling or disabling the CSRF protection configuration to apply the change to Monitoring Plugin.