CVE-2019-1003007

GHSA-mmrv-3cqg-hpf9, CVE-2019-1003007

maven/org.jvnet.hudson.plugins/warnings

Cross-Site Request Forgery (CSRF)

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.

All versions up to 5.0.0

Upgrade to version 5.0.1 or above.

2024-01-31