Default configuration

A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationViewdoSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users...

CVE-2019-10307

CVE-2019-10307 affects Jenkins Static Analysis Utilities Plugin ≤ 1.95 (and related analysis-core changes). The vulnerability is a CSRF flaw in DefaultGraphConfigurationView#doSave that allows attackers with Job/Read access to change per-job graph defaults for all users. Impact is configuration c...