22 matches found
CVE-2019-10308
CVE-2019-10308 affects Jenkins Static Analysis Utilities Plugin (versions ≤ 1.95). A missing permission check in the DefaultGraphConfigurationView.doSave form handler allowed users with Overall/Read permissions to alter the per-job default graph configuration for all users. Impact: attackers with...
CVE-2019-10307
CVE-2019-10307 affects Jenkins Static Analysis Utilities Plugin ≤ 1.95 (and related analysis-core changes). The vulnerability is a CSRF flaw in DefaultGraphConfigurationView#doSave that allows attackers with Job/Read access to change per-job graph defaults for all users. Impact is configuration c...