Access Restriction Bypass The advisory has been revoked - it doesn't affect any version of package org.jvnet.hudson.plugins:analysis-core Open this link in a new tab

Threat Intelligence

EPSS 0.12% (46^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGJVNETHUDSONPLUGINS-174558
published 1 May 2019
disclosed 30 Apr 2019
credit Oleg Nenashev

Report a new vulnerability Found a mistake?

Introduced: 30 Apr 2019

CVE-2019-10308 Open this link in a new tab CWE-284 Open this link in a new tab

Amendment

This was deemed not a vulnerability.

Overview

org.jvnet.hudson.plugins:analysis-core is a Jenkins plugin to read static analysis reports into a Java object model.

Affected versions of this package are vulnerable to Access Restriction Bypass via the DefaultGraphConfigurationView#doSave form handler method which allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users.