Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Filtered by product Static Analysis Utilities
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-2316 1 Jenkins 1 Static Analysis Utilities 2024-02-04 3.5 LOW 5.4 MEDIUM
Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2019-10308 1 Jenkins 1 Static Analysis Utilities 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users.
CVE-2019-10307 1 Jenkins 1 Static Analysis Utilities 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users.
CVE-2017-1000102 1 Jenkins 1 Static Analysis Utilities 2024-02-04 3.5 LOW 5.4 MEDIUM
The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.