Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cross-site scripting vulnerability in Javamelody #438

Closed
GoogleCodeExporter opened this issue Jun 21, 2015 · 3 comments
Closed

Cross-site scripting vulnerability in Javamelody #438

GoogleCodeExporter opened this issue Jun 21, 2015 · 3 comments

Comments

@GoogleCodeExporter
Copy link

Hi,

I'm from the Jenkins project, and one of our users have identified a XSS 
vulnerability in Javamelody. Please let me know where I should report the 
problem, as I obviously do not want to discuss the issue in details in a public 
place.

Original issue reported on code.google.com by kohsuke....@gmail.com on 26 Sep 2014 at 6:46

@GoogleCodeExporter
Copy link
Author

Hi Kohsuke,
Please send an email to evernat at free.fr

I'm the author of the Jenkins monitoring plugin [1] and of javamelody as you 
can see here [2].

[1] https://wiki.jenkins-ci.org/display/JENKINS/Monitoring
[2] https://code.google.com/p/javamelody/

Original comment by evernat@free.fr on 26 Sep 2014 at 7:08

@GoogleCodeExporter
Copy link
Author

Original comment by evernat@free.fr on 2 Oct 2014 at 9:04

  • Added labels: Security

@GoogleCodeExporter
Copy link
Author

This is fixed in version 1.53.0, available now.

Original comment by evernat@free.fr on 2 Oct 2014 at 9:06

  • Changed state: Fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant