
CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 May 2024 — Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'. • http://www.openwall.com/lists/oss-security/2024/05/02/3 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

06 Mar 2024 — A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build. • http://www.openwall.com/lists/oss-security/2024/03/06/3 • CWE-862: Missing Authorization

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

06 Mar 2024 — A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build. • http://www.openwall.com/lists/oss-security/2024/03/06/3 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

12 Apr 2022 — A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities. • http://seclists.org/fulldisclosure/2022/Jul/18 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.4 | EPSS: 1% | CPEs: 2 | EXPL: 0

12 Apr 2022 — Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • http://seclists.org/fulldisclosure/2022/Jul/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 0

04 Nov 2021 — Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a s... • http://www.openwall.com/lists/oss-security/2021/11/04/3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 | EPSS: 1% | CPEs: 1 | EXPL: 0

04 Nov 2020 — Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity (XXE) attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog fi... • http://www.openwall.com/lists/oss-security/2020/11/04/6 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 6.1 | EPSS: 21% | CPEs: 1 | EXPL: 0

03 Jun 2020 — Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. • http://www.openwall.com/lists/oss-security/2020/06/03/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Mar 2020 — Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. • http://www.openwall.com/lists/oss-security/2020/03/09/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

12 Feb 2020 — Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes app... • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')