CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29048 – Apple Security Advisory 2022-07-20-2
https://notcve.org/view.php?id=CVE-2022-29048
12 Apr 2022 — A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins Subversion Plugin versiones 2.15.3 y anteriores, permite a atacantes conectarse a una URL especificada por el atacante macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities. • http://seclists.org/fulldisclosure/2022/Jul/18 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 1%CPEs: 2EXPL: 0CVE-2022-29046 – subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
https://notcve.org/view.php?id=CVE-2022-29046
12 Apr 2022 — Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. El plugin Jenkins Subversion versiones 2.15.3 y anteriores, no escapan el nombre y la descripción de los parámetros de las etiquetas List Subversion (y más) en las visualizaciones que muestran parámetros, resultando en una vulne... • http://seclists.org/fulldisclosure/2022/Jul/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2021-21698 – jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key
https://notcve.org/view.php?id=CVE-2021-21698
04 Nov 2021 — Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. Jenkins Subversion Plugin versiones 2.15.0 y anteriores, no restringe el nombre de un archivo cuando es buscado un archivo de claves de subversión en el controlador desde un agente An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a s... • http://www.openwall.com/lists/oss-security/2021/11/04/3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2020-2304 – jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
https://notcve.org/view.php?id=CVE-2020-2304
04 Nov 2020 — Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Jenkins Subversion Plugin versiones 2.13.1 y anteriores, no configura su analizador XML para impedir ataques de tipo XML external entity (XXE) A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity (XXE) attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog fi... • http://www.openwall.com/lists/oss-security/2020/11/04/6 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2111 – jenkins-subversion-plugin: XSS in project repository base url
https://notcve.org/view.php?id=CVE-2020-2111
12 Feb 2020 — Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. Jenkins Subversion Plugin versiones 2.13.0 y anteriores, no escapa al mensaje de error para la comprobación del formulario del campo Project Repository Base URL, resultando en una vulnerabilidad de tipo cross-site scripting almacenado. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes app... • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11782 – subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'
https://notcve.org/view.php?id=CVE-2018-11782
31 Jul 2019 — In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. En Apache Subversion versiones hasta 1.9.10, 1.10.4, 1.12.0 incluyéndolas, el proceso del servidor svnserve de Subversion puede cerrarse cuando una petición de solo lectura bien formada produce una respuesta en particular. Esto puede conllevar a interrupciones para usuari... • http://subversion.apache.org/security/CVE-2018-11782-advisory.txt • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 0CVE-2019-0203 – subversion: NULL pointer dereference in svnserve leading to an unauthenticated remote DoS
https://notcve.org/view.php?id=CVE-2019-0203
31 Jul 2019 — In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. En Apache Subversion versiones hasta 1.9.10, 1.10.4, 1.12.0 incluyéndolas, el proceso del servidor svnserve de Subversion puede cerrarse cuando un cliente envía determinadas secuencias de comandos de protocolo. Esto puede conllevar a interrupciones para los usuarios del servidor... • http://subversion.apache.org/security/CVE-2019-0203-advisory.txt • CWE-476: NULL Pointer Dereference CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000111
https://notcve.org/view.php?id=CVE-2018-1000111
13 Mar 2018 — An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. Existe una vulnerabilidad de autorización incorrecta en el plugin Subversion para Jenkins, en versiones 2.10.2 y anteriores, en SubversionStatus.java y SubversionRepositoryStatus.java que permite que un atacante con acceso de red obtenga una lista de nodos y usuarios... • https://jenkins.io/security/advisory/2018-02-26/#SECURITY-724 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000085
https://notcve.org/view.php?id=CVE-2017-1000085
04 Oct 2017 — Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to... • http://www.securityfocus.com/bid/99574 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 67%CPEs: 12EXPL: 0CVE-2017-9800 – subversion: Command injection through clients via malicious svn+ssh URLs
https://notcve.org/view.php?id=CVE-2017-9800
10 Aug 2017 — A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. Una URL creada con fines maliciosos svn+s... • http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html • CWE-20: Improper Input Validation •