CVE-2019-1003007

Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Plugin versions 5.0.0 and earlier

Description: A cross-site request forgery issue exists that allows attackers to execute arbitrary code via a form validation HTTP endpoint. The issue is related to the GroovyParser.java file in the src/main/java/hudson/plugins/warnings directory.

Recommendations: For Jenkins Warnings Plugin versions 5.0.0 and earlier, consider disabling the form validation HTTP endpoint until a fix is available. Restrict access to the GroovyParser.java file to minimize the risk of exploitation.