CVE-2018-11803
https://notcve.org/view.php?id=CVE-2018-11803
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. El módulo Apache HTTPD "mod_dav_svn" de Subversion, en versiones 1.10.0 y desde la 1.10.3 hasta la 1.11.0, se cerrará de manera inesperada después de desreferenciar un puntero no inicializado si el cliente omite la ruta "root" en una operación de listado de un directorio recursivo. • http://www.securityfocus.com/bid/106770 https://lists.apache.org/thread.html/fa71074862373c142d264534385f8ea5d8d6b80d27f36f3c46f55003%40%3Cdev.subversion.apache.org%3E https://security.gentoo.org/glsa/201904-08 https://usn.ubuntu.com/3869-1 • CWE-824: Access of Uninitialized Pointer •
CVE-2018-1000111
https://notcve.org/view.php?id=CVE-2018-1000111
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. Existe una vulnerabilidad de autorización incorrecta en el plugin Subversion para Jenkins, en versiones 2.10.2 y anteriores, en SubversionStatus.java y SubversionRepositoryStatus.java que permite que un atacante con acceso de red obtenga una lista de nodos y usuarios. • https://jenkins.io/security/advisory/2018-02-26/#SECURITY-724 • CWE-863: Incorrect Authorization •
CVE-2017-1000085
https://notcve.org/view.php?id=CVE-2017-1000085
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks. El plugin Subversion conecta con un repositorio Subversion especificado por el usuario como parte de una validación de formulario (por ejemplo, para recuperar una lista de etiquetas). La herramienta no comprueba correctamente los permisos, lo que permite que cualquier usuario con permisos Item/Build (pero no Item/Configure) se conecte a cualquier servidor web o servidor Subversion y envíe credenciales con un ID conocido, pudiendo capturarlas en consecuencia. • http://www.securityfocus.com/bid/99574 https://jenkins.io/security/advisory/2017-07-10 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-9800 – subversion: Command injection through clients via malicious svn+ssh URLs
https://notcve.org/view.php?id=CVE-2017-9800
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. Una URL creada con fines maliciosos svn+ssh:// podría provocar que clientes de Subversion en versiones anteriores a la 1.8.19, en versiones 1.9.x anteriores a la 1.9.7, y en versiones 1.10.0.x a 1.10.0-alpha3 ejecuten un comando shell arbitrario. Tal URL podría ser generada por un servidor malicioso, por un usuario malicioso que se confirma en un servidor honesto (para atacar otro usuario de los repositorios de ese servidor), o por un servidor proxy. • http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html http://www.debian.org/security/2017/dsa-3932 http://www.securityfocus.com/archive/1/540999/100/0/threaded http://www.securityfocus.com/bid/100259 http://www.securitytracker.com/id/1039127 https://access.redhat.com/errata/RHSA-2017:2480 https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63% • CWE-20: Improper Input Validation •
CVE-2011-0715 – (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client
https://notcve.org/view.php?id=CVE-2011-0715
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. El módulo mod_dav_svn para el servidor Apache HTTP, como el distribuido en Apache Subversion antes de v1.6.16, permite a atacantes remotos provocar una denegación de servicio (desreferenciar de puntero NULL y caída de demonio) a través de una solicitud que contiene un token de bloqueo. • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056071.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056072.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056736.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43583 http://secunia.com/advisories/43603 http://secunia.com/advisories/43672 http: •