CVE-2019-10308

2019-04-3013:29:05

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.1%

JSON

A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users.

CPENameOperatorVersion
analysis-core-plugineqanalysis-core-1.26
analysis-core-plugineqanalysis-core-1.53
analysis-core-plugineqanalysis-core-1.35
analysis-core-plugineqanalysis-core-1.77
analysis-core-plugineqanalysis-core-1.52
analysis-core-plugineqanalysis-core-1.89
analysis-core-plugineqanalysis-core-1.86
analysis-core-plugineqanalysis-core-1.51
analysis-core-plugineqanalysis-core-1.59
analysis-core-plugineqanalysis-core-1.72

Name	Operator	Version
analysis-core-plugin	eq	analysis-core-1.26
analysis-core-plugin	eq	analysis-core-1.53
analysis-core-plugin	eq	analysis-core-1.35
analysis-core-plugin	eq	analysis-core-1.77
analysis-core-plugin	eq	analysis-core-1.52
analysis-core-plugin	eq	analysis-core-1.89
analysis-core-plugin	eq	analysis-core-1.86
analysis-core-plugin	eq	analysis-core-1.51
analysis-core-plugin	eq	analysis-core-1.59
analysis-core-plugin	eq	analysis-core-1.72