107 matches found
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Multiple vulnerabilities have been fixed in the Red Hat OpenShift Container Platform. These vulnerabilities allow an attacker to able to perform a Cross-Site Scripting XSS attack on the subversion plugin of Jenkins or a denial-of-service DoS in GoLang. Red Hat has made updates available for Red H...
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...
GHSA-Q58J-FHJ7-J6FG Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files
Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Subversion Plugin 2.15.1 checks for...
GHSA-VP5F-8JGW-J53C XXE vulnerability in Jenkins Subversion Plugin
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins...
XXE vulnerability in Jenkins Subversion Plugin
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins...
RHEL 8 : OpenShift Container Platform 4.9.33 (RHSA-2022:2205)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:2205 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.9.33 packages and security update
Red Hat OpenShift Container Platform release 4.9.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...
GHSA-C4FR-GX5W-8QF2 Jenkins Subversion Plugin Stores Credentials with Base64 Encoding
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...
GHSA-HRWC-PQFM-G6QF Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability
Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...
Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.10 / 2.332.2.6 Multiple Vulnerabilities (CloudBees Security Advisory 2022-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.10, or 2.x prior to 2.332.2.6. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Pipeline: Shared Groovy Libraries Plugin...
GHSA-W9GQ-8Q35-3JCC Jenkins Subversion Plugin Incorrect Authorization vulnerability
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. As of version 2.10.3, the class handling requests to...
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...
RHEL 8 : OpenShift Container Platform 4.10.12 (RHSA-2022:1600)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1600 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
GHSA-WPR6-QVCQ-8269 Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags and more parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of...
Jenkins Subversion Plugin Cross-Site Scripting Vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.A cross-site scripting vulnerability exists in the Jenkins Subversion Plugin, which stems from not escaping the name and...
CVE-2022-29048
A cross-site request forgery CSRF vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL...