
7 matches found

OSV
added 2022/05/17 12:29 a.m. · 2 views

GHSA-HRWC-PQFM-G6QF Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability

Subversion Plugin connects to a user-specified Subversion repository as part of form validation, e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...

CVSS 6.5 · AI score 5.9 · EPSS 0.00141
Exploits 0 · References 4
OSV
added 2022/04/12 8:15 p.m. · 2 views

CVE-2022-29046

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 5.7
Exploits 0 · References 3
ATTACKERKB
added 2022/04/12 8:15 p.m. · 2 views

CVE-2022-29048

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL...

CVSS 4.3 · AI score 6.4 · EPSS 0.00199
Exploits 0 · References 4
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-19388 · Jenkins +1 · Jenkins Subversion Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.3 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL. This issue arises because the Subversion Plugin does not require POST...

CVSS 4.3 · AI score 4.4 · EPSS 0.00199
Exploits 0 · References 14
Positive Technologies
added 2021/11/04 12:0 a.m. · 2 views

PT-2021-14729 · Jenkins · Jenkins Subversion Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.0 and earlier
Description: The issue allows attackers who can control agent processes to read arbitrary files on the Jenkins controller file system. This is because the plugin does not restrict the name...

CVSS 7.5 · AI score 8.4 · EPSS 0.03705
Exploits 0 · References 8
RedHat Linux
added 2020/09/09 3:23 p.m. · 2 views

jenkins-subversion-plugin: XSS in project repository base url

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...

CVSS 5.4 · AI score 7 · EPSS 0.0007
Exploits 0 · References 5
RedHat Linux
added 2020/06/17 10:38 p.m. · 2 views

jenkins-subversion-plugin: XSS in project repository base url

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...

CVSS 5.4 · AI score 7 · EPSS 0.0007
Exploits 0 · References 5