{"id":"CVE-2019-1003008","details":"A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.","aliases":["GHSA-whf8-3h58-2w9f"],"modified":"2026-03-14T09:30:55.143028Z","published":"2019-02-06T16:29:00.483Z","references":[{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1295%20%282%29"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/warnings-ng-plugin","events":[{"introduced":"0"},{"last_affected":"e7e4395079ca288b0ebd9365a5721974a35ffb59"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.1.1"}]}}],"versions":["warnings-ng-1.0.0","warnings-ng-1.0.0-beta1","warnings-ng-1.0.0-beta10","warnings-ng-1.0.0-beta2","warnings-ng-1.0.0-beta3","warnings-ng-1.0.0-beta4","warnings-ng-1.0.0-beta5","warnings-ng-1.0.0-beta6","warnings-ng-1.0.0-beta7","warnings-ng-1.0.0-beta8","warnings-ng-1.0.0-beta9","warnings-ng-1.0.1","warnings-ng-2.0.0","warnings-ng-2.1.0","warnings-ng-2.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1003008.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}