2 matches found
com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +30 more potentially affected by CVE-2019-10307 via org.jvnet.hudson.plugins:analysis-core (>=1.0 <=1.94)
org.jvnet.hudson.plugins:analysis-core MAVEN version =1.0, =1.7.2, =1.0.0, =0.9, =2.5.0, =2.5.0, =2.5.0, =2.5.0, =0.7, =1.20, =1.0.1, =0.3, =7.97, =1.0, =1.0, =1.20 and more Source cves: CVE-2019-10307 Source advisory: OSV:GHSA-3V9F-4VFF-RX42...
CVE-2019-10307
CVE-2019-10307 affects Jenkins Static Analysis Utilities Plugin ≤ 1.95 (and related analysis-core changes). The vulnerability is a CSRF flaw in DefaultGraphConfigurationView#doSave that allows attackers with Job/Read access to change per-job graph defaults for all users. Impact is configuration c...