CVE-2022-29048 – Apple Security Advisory 2022-07-20-2
https://notcve.org/view.php?id=CVE-2022-29048
12 Apr 2022 — A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities. • http://seclists.org/fulldisclosure/2022/Jul/18 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-29046 – subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
https://notcve.org/view.php?id=CVE-2022-29046
12 Apr 2022 — Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • http://seclists.org/fulldisclosure/2022/Jul/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-24070 – Apache Subversion mod_dav_svn is vulnerable to memory corruption
https://notcve.org/view.php?id=CVE-2022-24070
12 Apr 2022 — Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. • http://seclists.org/fulldisclosure/2022/Jul/18 • CWE-416: Use After Free
CVE-2021-28544 – Apache Subversion SVN authz protected copyfrom paths regression
https://notcve.org/view.php?id=CVE-2021-28544
12 Apr 2022 — Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. • http://seclists.org/fulldisclosure/2022/Jul/18 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21698 – jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key
https://notcve.org/view.php?id=CVE-2021-21698
04 Nov 2021 — Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a s... • http://www.openwall.com/lists/oss-security/2021/11/04/3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-17525 – Remote unauthenticated denial-of-service in Subversion mod_authz_svn
https://notcve.org/view.php?id=CVE-2020-17525
15 Feb 2021 — Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7. • https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html • CWE-416: Use After Free • CWE-476: NULL Pointer Dereference
CVE-2020-2304 – jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
https://notcve.org/view.php?id=CVE-2020-2304
04 Nov 2020 — Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity (XXE) attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog fi... • http://www.openwall.com/lists/oss-security/2020/11/04/6 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2020-2111 – jenkins-subversion-plugin: XSS in project repository base url
https://notcve.org/view.php?id=CVE-2020-2111
12 Feb 2020 — Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes app... • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11782 – subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'
https://notcve.org/view.php?id=CVE-2018-11782
31 Jul 2019 — In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. • http://subversion.apache.org/security/CVE-2018-11782-advisory.txt • CWE-20: Improper Input Validation • CWE-617: Reachable Assertion
CVE-2019-0203 – subversion: NULL pointer dereference in svnserve leading to an unauthenticated remote DoS
https://notcve.org/view.php?id=CVE-2019-0203
31 Jul 2019 — In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. • http://subversion.apache.org/security/CVE-2019-0203-advisory.txt • CWE-476: NULL Pointer Dereference • CWE-755: Improper Handling of Exceptional Conditions