GHSA-VVFJ-P4JF-J8RM Missing permission check in Jenkins Static Analysis Utilities Plugin

A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationViewdoSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users...

PT-2019-11709 · Jenkins · Jenkins Static Analysis Utilities Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Static Analysis Utilities Plugin version 1.95 and earlier Jenkins analysis-core Plugin affected versions not specified Description: A cross-site request forgery issue exists due to the lack of permission checks and the acceptance of...