VYPR

Static Analysis Utilities

by Jenkins Project

Source repositories

CVEs (4)

  • CVE-2017-1000102MedOct 5, 2017
    risk 0.35cvss 5.4epss 0.01

    The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings…

  • CVE-2020-2316Nov 4, 2020
    risk 0.00cvss epss 0.01

    Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

  • CVE-2019-10307Apr 30, 2019
    risk 0.00cvss epss 0.01

    A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users.

  • CVE-2019-10308Apr 30, 2019
    risk 0.00cvss epss 0.02

    A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users.