diff --git a/core/src/main/java/hudson/model/Computer.java b/core/src/main/java/hudson/model/Computer.java
index 661c7ec77faef6976706c2a963e48f40b68585e2..0b52b1702fc097df4c4fb3c9c75cef9116afa14c 100644
--- a/core/src/main/java/hudson/model/Computer.java
+++ b/core/src/main/java/hudson/model/Computer.java
@@ -1110,8 +1110,10 @@ public /*transient*/ abstract class Computer extends Actionable implements Acces
 @Exported(inline=true)
 public Map getMonitorData() {
 Map r = new HashMap();
- for (NodeMonitor monitor : NodeMonitor.getAll())
- r.put(monitor.getClass().getName(),monitor.data(this));
+ if (hasPermission(CONNECT)) {
+ for (NodeMonitor monitor : NodeMonitor.getAll())
+ r.put(monitor.getClass().getName(), monitor.data(this));
+ }
 return r;
 }
diff --git a/test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java b/test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
index 1ae807ba07f75ccb84b3f89ca4887397244efb62..737e7b3228774748dd5cfcfb8ba80dc782607ce9 100644
--- a/test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
+++ b/test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
@@ -27,6 +27,8 @@ import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.startsWith;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.when;
 import hudson.security.ACL;
@@ -49,6 +51,7 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
+import org.jvnet.hudson.test.Issue;
 import org.jvnet.hudson.test.JenkinsRule;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
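Review bot: The new `hasPermission(CONNECT)` guard in `getMonitorData()` fails closed by returning an empty map, but nothing in the method documents that. Because the method is `@Exported(inline=true)`, a remote API consumer cannot tell "no monitors configured" from "caller not permitted". I would add a Javadoc line such as `Returns an empty map if the current user lacks {@link #CONNECT} (SECURITY-343).` plus a short why-comment on choosing CONNECT as the gate, since that reads as an action permission rather than a read permission. The guard covers only this accessor; whether other consumers of `monitor.data(...)` need the same check cannot be seen from this hunk and is worth confirming. As a style point, the inner `for` is left unbraced inside the newly braced `if`.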
@@ -141,6 +144,26 @@ public class ComputerConfigDotXmlTest {
 assertThat(updatedSlave.getNumExecutors(), equalTo(42));
 }
+ @Test
+ @Issue("SECURITY-343")
+ public void emptyNodeMonitorDataWithoutConnect() throws Exception {
+ rule.jenkins.setAuthorizationStrategy(new GlobalMatrixAuthorizationStrategy());
+
+ assertTrue(computer.getMonitorData().isEmpty());
+ }
+
+ @Test
+ @Issue("SECURITY-343")
+ public void populatedNodeMonitorDataWithConnect() throws Exception {
+ GlobalMatrixAuthorizationStrategy auth = new GlobalMatrixAuthorizationStrategy();
+ rule.jenkins.setAuthorizationStrategy(auth);
+ auth.add(Computer.CONNECT, "user");
+
+ assertFalse(computer.getMonitorData().isEmpty());
+ }
+
+
+
 private OutputStream captureOutput() throws IOException {
 final ByteArrayOutputStream baos = new ByteArrayOutputStream();
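Review bot: `emptyNodeMonitorDataWithoutConnect` exercises only a caller with no grants at all, since it installs a bare `new GlobalMatrixAuthorizationStrategy()`. The case this fix presumably targets is a user who can read the computer but lacks `Computer.CONNECT`; building the strategy in a local and granting a read permission first, e.g. `auth.add(Jenkins.READ, "user");`, would pin that boundary. Both tests rely on the current identity being "user", which is established outside this hunk. `populatedNodeMonitorDataWithConnect` also assumes at least one `NodeMonitor` is registered in the test instance, so `assertFalse(...isEmpty())` can fail for reasons unrelated to the permission check; a comment stating that assumption would help. The rest of the visible file imports Hamcrest's `assertThat`, so the new `assertTrue`/`assertFalse` imports are a minor inconsistency.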