Allele Security Alert
ASA-2019-00106
Identifier(s)
ASA-2019-00106, SECURITY-1154
Title
Clickjacking vulnerability in Monitoring Plugin
Vendor(s)
Jenkins project
Product(s)
Jenkins Monitoring Plugin
Affected version(s)
Monitoring Plugin up to and including 1.74.0
Fixed version(s)
Monitoring Plugin version 1.75.0
Proof of concept
Unknown
Description
Monitoring Plugin did not set the X-Frame-Options header, allowing its pages to be embedded. This could result in clickjacking attacks.
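The check below is an added example, not code from the Jenkins project or the plugin. It classifies the anti-framing protection of a response from its headers, and it goes beyond the advisory by also reading the CSP `frame-ancestors` directive, which browsers apply instead of X-Frame-Options when it is present. The function names, the sample header sets and the host `ci.example` are constructed for illustration.

```python
# Added example (not Jenkins or plugin code): classify the anti-framing
# protection a response carries, from its headers alone.

ORDER = ["deny", "sameorigin", "allowlist", "unprotected"]  # strictest first

def _classify_ancestors(sources):
    if not sources or sources == ["'none'"]:
        return "deny"            # an empty source list matches nothing
    if sources == ["'self'"]:
        return "sameorigin"
    return "unprotected" if "*" in sources else "allowlist"

def framing_policy(headers):
    """headers: iterable of (name, value); names are case-insensitive and
    may repeat. Returns one of ORDER."""
    xfo, csp = set(), []
    for name, value in headers:
        name = name.strip().lower()
        if name == "x-frame-options":
            # Repeated headers are merged with commas, so split on them.
            xfo |= {v.strip().lower() for v in value.split(",") if v.strip()}
        elif name == "content-security-policy":  # Report-Only is not enforced
            for policy in value.split(","):
                for directive in policy.split(";"):
                    parts = directive.split()
                    if parts and parts[0].lower() == "frame-ancestors":
                        csp.append(_classify_ancestors([p.lower() for p in parts[1:]]))
                        break  # a repeated directive in one policy is ignored
    if csp:
        # An enforced frame-ancestors makes browsers skip X-Frame-Options;
        # every policy must allow the embed, so report the strictest class.
        return min(csp, key=ORDER.index)
    if "deny" in xfo or len(xfo) > 1:
        return "deny"            # conflicting values are treated as a block
    if xfo == {"sameorigin"}:
        return "sameorigin"
    return "unprotected"         # header absent, or ALLOW-FROM / ALLOWALL alone

# Constructed header sets for illustration.
SAMPLES = {
    "no header (the state the advisory describes)": [("Content-Type", "text/html")],
    "xfo sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "obsolete allow-from": [("x-frame-options", "ALLOW-FROM https://ci.example")],
    "csp overrides xfo": [("X-Frame-Options", "DENY"),
                          ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {framing_policy(hdrs)}")
```

A result of `unprotected` on a page that renders state-changing controls is the condition the fixed version addresses.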
Technical details
Unknown
Credits
Daniel Beck (CloudBees, Inc)
Reference(s)
Jenkins Security Advisory 2019-01-28
https://jenkins.io/security/advisory/2019-01-28
Jenkins Plugins
https://plugins.jenkins.io/monitoring
If there is any error in this alert or you would like a comprehensive analysis, let us know.
Last modified: March 6, 2019