Jenkins Project Jenkins Static Analysis Utilities Plugin vulnerabilities
3 known vulnerabilities affecting jenkins_project/jenkins_static_analysis_utilities_plugin.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2020-2316MEDIUMCVSS 5.4≥ unspecified, ≤ 1.962020-11-04
CVE-2020-2316 [MEDIUM] CWE-79 CVE-2020-2316: Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in
Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
cvelistv5nvd
CVE-2019-10307MEDIUMCVSS 6.5v1.95 and earlier2019-04-30
CVE-2019-10307 [MEDIUM] CWE-352 CVE-2019-10307: A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earl
A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users.
cvelistv5nvd
CVE-2019-10308MEDIUMCVSS 6.5v1.95 and earlier2019-04-30
CVE-2019-10308 [MEDIUM] CWE-862 CVE-2019-10308: A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the Defau
A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users.
cvelistv5nvd