CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Mar 2018 — An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. • https://jenkins.io/security/advisory/2018-02-26/#SECURITY-724 • CWE-863: Incorrect Authorization

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Oct 2017 — Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to... • http://www.securityfocus.com/bid/99574 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.0 • EPSS: 0% • CPEs: 54 • EXPL: 1

08 May 2014 — The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. • https://bugzilla.redhat.com/show_bug.cgi?id=1032391 • CWE-255: Credentials Management Errors