CVE-2019-10307

2019-04-3013:29:05

Google

osv.dev

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

JSON

A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users.

CPENameOperatorVersion
analysis-core-plugineqanalysis-core-1.26
analysis-core-plugineqanalysis-core-1.53
analysis-core-plugineqanalysis-core-1.35
analysis-core-plugineqanalysis-core-1.77
analysis-core-plugineqanalysis-core-1.52
analysis-core-plugineqanalysis-core-1.89
analysis-core-plugineqanalysis-core-1.86
analysis-core-plugineqanalysis-core-1.51
analysis-core-plugineqanalysis-core-1.59
analysis-core-plugineqanalysis-core-1.72

Name	Operator	Version
analysis-core-plugin	eq	analysis-core-1.26
analysis-core-plugin	eq	analysis-core-1.53
analysis-core-plugin	eq	analysis-core-1.35
analysis-core-plugin	eq	analysis-core-1.77
analysis-core-plugin	eq	analysis-core-1.52
analysis-core-plugin	eq	analysis-core-1.89
analysis-core-plugin	eq	analysis-core-1.86
analysis-core-plugin	eq	analysis-core-1.51
analysis-core-plugin	eq	analysis-core-1.59
analysis-core-plugin	eq	analysis-core-1.72