45 matches found
CVE-2024-34148
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'...
EUVD-2013-6197
Malware in sbrugna...
EUVD-2022-5390
Malicious code in bioql PyPI...
EUVD-2024-0969
Malicious code in bioql PyPI...
EUVD-2024-1005
Malicious code in bioql PyPI...
EUVD-2022-5541
Malicious code in bioql PyPI...
EUVD-2022-4893
Malicious code in bioql PyPI...
EUVD-2022-5703
Malicious code in bioql PyPI...
CVE-2024-28159
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...
CVE-2024-28158
A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...
CVE-2024-34148
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'...
CVE-2024-28159
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...
PT-2024-22304 · Jenkins · Jenkins Subversion Partial Release Manager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Partial Release Manager Plugin versions 1.0.1 and earlier Description: A cross-site request forgery CSRF issue allows attackers to trigger a build. Recommendations: For Jenkins Subversion Partial Release Manager Plugin...
RHEL 7 / 8 : OpenShift Container Platform 4.6.59 (RHSA-2022:4947)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4947 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Multiple vulnerabilities have been fixed in the Red Hat OpenShift Container Platform. These vulnerabilities allow an attacker to able to perform a Cross-Site Scripting XSS attack on the subversion plugin of Jenkins or a denial-of-service DoS in GoLang. Red Hat has made updates available for Red H...
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...
GHSA-HRWC-PQFM-G6QF Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability
Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...