CVE-2024-34148
https://notcve.org/view.php?id=CVE-2024-34148
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'. • http://www.openwall.com/lists/oss-security/2024/05/02/3 https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3331 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-28159
https://notcve.org/view.php?id=CVE-2024-28159
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build. • http://www.openwall.com/lists/oss-security/2024/03/06/3 https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3325 • CWE-862: Missing Authorization
CVE-2024-28158
https://notcve.org/view.php?id=CVE-2024-28158
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build. • http://www.openwall.com/lists/oss-security/2024/03/06/3 https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3325 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-2199
https://notcve.org/view.php?id=CVE-2020-2199
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. • http://www.openwall.com/lists/oss-security/2020/06/03/3 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')