{"id":"CVE-2019-10307","details":"A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users.","aliases":["GHSA-3v9f-4vff-rx42"],"modified":"2026-04-10T04:13:45.865459Z","published":"2019-04-30T13:29:05.157Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/108159"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1100"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/04/30/5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/analysis-core-plugin","events":[{"introduced":"0"},{"last_affected":"35bac6c830b5b769dac1a9eea7227d6e14bf9755"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.95"}]}}],"versions":["analysis-core-1.17","analysis-core-1.18","analysis-core-1.19","analysis-core-1.20","analysis-core-1.21","analysis-core-1.22","analysis-core-1.23","analysis-core-1.24","analysis-core-1.25","analysis-core-1.26","analysis-core-1.27","analysis-core-1.28","analysis-core-1.29","analysis-core-1.30","analysis-core-1.32","analysis-core-1.33","analysis-core-1.34","analysis-core-1.35","analysis-core-1.36","analysis-core-1.37","analysis-core-1.38","analysis-core-1.39","analysis-core-1.40","analysis-core-1.41","analysis-core-1.42","analysis-core-1.43","analysis-core-1.44","analysis-core-1.45","analysis-core-1.46","analysis-core-1.47","analysis-core-1.48","analysis-core-1.49","analysis-core-1.50","analysis-core-1.51","analysis-core-1.52","analysis-core-1.53","analysis-core-1.54","analysis-core-1.55","analysis-core-1.56","analysis-core-1.57","analysis-core-1.58","analysis-core-1.59","analysis-core-1.60","analysis-core-1.61","analysis-core-1.62","analysis-core-1.63","analysis-core-1.64","analysis-core-1.65","analysis-core-1.66","analysis-core-1.67","analysis-core-1.68","analysis-core-1.69","analysis-core-1.70","analysis-core-1.71","analysis-core-1.72","analysis-core-1.73","analysis-core-1.74","analysis-core-1.75","analysis-core-1.76","analysis-core-1.77","analysis-core-1.78","analysis-core-1.79","analysis-core-1.80","analysis-core-1.81","analysis-core-1.82","analysis-core-1.83","analysis-core-1.84","analysis-core-1.86","analysis-core-1.87","analysis-core-1.88","analysis-core-1.89","analysis-core-1.90","analysis-core-1.91","analysis-core-1.92","analysis-core-1.93","analysis-core-1.94","analysis-core-1.95"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10307.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}