Lucene search
K

107 matches found

RedHat Linux
RedHat Linux
added 2022/06/17 5:40 a.m.5 views

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...

5.4CVSS5.7AI score0.02435EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/10 5:2 a.m.8 views

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...

5.4CVSS5.7AI score0.02435EPSS
Exploits0References5
NCSC
NCSC
added 2022/06/01 12:0 a.m.6 views

Vulnerabilities fixed in Red Hat OpenShift Container Platform

Multiple vulnerabilities have been fixed in the Red Hat OpenShift Container Platform. These vulnerabilities allow an attacker to able to perform a Cross-Site Scripting XSS attack on the subversion plugin of Jenkins or a denial-of-service DoS in GoLang. Red Hat has made updates available for Red H...

7.5CVSS6.4AI score0.7855EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/05/31 5:45 a.m.4 views

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...

5.4CVSS5.7AI score0.02435EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 7:19 p.m.13 views

GHSA-Q58J-FHJ7-J6FG Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files

Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Subversion Plugin 2.15.1 checks for...

6.5CVSS8.3AI score0.02073EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:33 p.m.31 views

GHSA-VP5F-8JGW-J53C XXE vulnerability in Jenkins Subversion Plugin

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins...

6.5CVSS6.4AI score0.01478EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:33 p.m.33 views

XXE vulnerability in Jenkins Subversion Plugin

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins...

6.5CVSS6.8AI score0.01478EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/05/19 12:0 a.m.80 views

RHEL 8 : OpenShift Container Platform 4.9.33 (RHSA-2022:2205)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:2205 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

5.4CVSS6.2AI score0.7855EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2022/05/18 12:3 p.m.6 views

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...

5.4CVSS5.7AI score0.02435EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/18 12:3 p.m.75 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.9.33 packages and security update

Red Hat OpenShift Container Platform release 4.9.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...

5.4CVSS6.3AI score0.7855EPSS
Exploits0References5
OSV
OSV
added 2022/05/17 4:44 a.m.6 views

GHSA-C4FR-GX5W-8QF2 Jenkins Subversion Plugin Stores Credentials with Base64 Encoding

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...

5.1CVSS6AI score0.00497EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/05/17 4:44 a.m.11 views

Jenkins Subversion Plugin Stores Credentials with Base64 Encoding

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...

2.1CVSS6.4AI score0.00497EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2022/05/17 12:29 a.m.2 views

GHSA-HRWC-PQFM-G6QF Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability

Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...

6.5CVSS5.9AI score0.01031EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/05/16 12:0 a.m.148 views

Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.10 / 2.332.2.6 Multiple Vulnerabilities (CloudBees Security Advisory 2022-04-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.10, or 2.x prior to 2.332.2.6. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Pipeline: Shared Groovy Libraries Plugin...

8.8CVSS5.9AI score0.7855EPSS
Exploits0References18
OSV
OSV
added 2022/05/13 1:48 a.m.13 views

GHSA-W9GQ-8Q35-3JCC Jenkins Subversion Plugin Incorrect Authorization vulnerability

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. As of version 2.10.3, the class handling requests to...

5.3CVSS5.3AI score0.00914EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/05/02 6:23 p.m.4 views

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...

5.4CVSS5.7AI score0.02435EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/05/02 12:0 a.m.43 views

RHEL 8 : OpenShift Container Platform 4.10.12 (RHSA-2022:1600)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1600 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

5.4CVSS6.2AI score0.7855EPSS
Exploits0References10
OSV
OSV
added 2022/04/13 12:0 a.m.33 views

GHSA-WPR6-QVCQ-8269 Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags and more parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of...

5.4CVSS5.8AI score0.02435EPSS
Exploits0References5
CNVD
CNVD
added 2022/04/13 12:0 a.m.26 views

Jenkins Subversion Plugin Cross-Site Scripting Vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.A cross-site scripting vulnerability exists in the Jenkins Subversion Plugin, which stems from not escaping the name and...

5.4CVSS1AI score0.02435EPSS
Exploits0References1
NVD
NVD
added 2022/04/12 8:15 p.m.18 views

CVE-2022-29048

A cross-site request forgery CSRF vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS0.01802EPSS
Exploits0References3
Rows per page
Query Builder