CVE-2019-10308

Summary

A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Static Analysis Utilities Plugin1.95 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References