CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29048
https://notcve.org/view.php?id=CVE-2022-29048
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins Subversion Plugin versiones 2.15.3 y anteriores, permite a atacantes conectarse a una URL especificada por el atacante • http://seclists.org/fulldisclosure/2022/Jul/18 https://support.apple.com/kb/HT213345 https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2075 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29046 – subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
https://notcve.org/view.php?id=CVE-2022-29046
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. El plugin Jenkins Subversion versiones 2.15.3 y anteriores, no escapan el nombre y la descripción de los parámetros de las etiquetas List Subversion (y más) en las visualizaciones que muestran parámetros, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado explotable por atacantes con permiso de Item/Configure A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers with Item/Configure permission. • http://seclists.org/fulldisclosure/2022/Jul/18 https://support.apple.com/kb/HT213345 https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617 https://access.redhat.com/security/cve/CVE-2022-29046 https://bugzilla.redhat.com/show_bug.cgi?id=2074851 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21698 – jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key
https://notcve.org/view.php?id=CVE-2021-21698
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. Jenkins Subversion Plugin versiones 2.15.0 y anteriores, no restringe el nombre de un archivo cuando es buscado un archivo de claves de subversión en el controlador desde un agente An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on the Jenkins controller file system. • http://www.openwall.com/lists/oss-security/2021/11/04/3 https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506 https://access.redhat.com/security/cve/CVE-2021-21698 https://bugzilla.redhat.com/show_bug.cgi?id=2020385 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2304 – jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
https://notcve.org/view.php?id=CVE-2020-2304
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Jenkins Subversion Plugin versiones 2.13.1 y anteriores, no configura su analizador XML para impedir ataques de tipo XML external entity (XXE) A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity (XXE) attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. The highest threat from this vulnerability is to data confidentiality. • http://www.openwall.com/lists/oss-security/2020/11/04/6 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2145 https://access.redhat.com/security/cve/CVE-2020-2304 https://bugzilla.redhat.com/show_bug.cgi?id=1895939 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2111 – jenkins-subversion-plugin: XSS in project repository base url
https://notcve.org/view.php?id=CVE-2020-2111
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. Jenkins Subversion Plugin versiones 2.13.0 y anteriores, no escapa al mensaje de error para la comprobación del formulario del campo Project Repository Base URL, resultando en una vulnerabilidad de tipo cross-site scripting almacenado. • http://www.openwall.com/lists/oss-security/2020/02/12/3 https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1725 https://access.redhat.com/security/cve/CVE-2020-2111 https://bugzilla.redhat.com/show_bug.cgi?id=1819105 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •