107 matches found
CVE-2021-21698
An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on t...
Code injection
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent...
CVE-2021-21698
CVE-2021-21698 affects Jenkins Subversion Plugin up to version 2.15.0. The issue arises because the plugin does not restrict the file name when resolving the subversion key file on the controller from an agent, enabling path traversal to read arbitrary files on the Jenkins controller when an atta...
PT-2021-14729 · Jenkins · Jenkins Subversion Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.0 and earlier Description: The issue allows attackers who can control agent processes to read arbitrary files on the Jenkins controller file system. This is because the plugin does not restrict the name...
Jenkins 路径遍历漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Subversion Plugin in version 2.15.0 and earlier has a path traversal vulnerability that stems from the fact that...
jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity XXE attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...
jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity XXE attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...
XML External Entity (XXE)
jenkins-2-plugins is vulnerable to XML external entity XXE attacks. The vulnerability exists because of a flaw was found in the subversion Jenkins plugin that was not configured properly to prevent XML external entity XXE attacks allowing an attacker the ability to control an agent process and ha...
jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity XXE attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...
jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity XXE attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...
CloudBees Jenkins Subversion Code Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A code issue vulnerability...
CVE-2020-2304
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2304
CVE-2020-2304 affects Jenkins Subversion Plugin
PT-2020-15534 · Jenkins · Jenkins Subversion Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.13.1 and earlier Description: The issue arises from the Jenkins Subversion Plugin not configuring its XML parser to prevent XML external entity XXE attacks. This allows attackers who can control an agent...
jenkins-subversion-plugin: XSS in project repository base url
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...
jenkins-subversion-plugin: XSS in project repository base url
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...
jenkins-subversion-plugin: XSS in project repository base url
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...
PT-2020-15413 · Jenkins · Jenkins Subversion Partial Release Manager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Partial Release Manager Plugin versions 1.0.1 and earlier Description: The issue is related to a reflected cross-site scripting vulnerability. It occurs because the error message for the repository URL field form validation...
CVE-2018-1000111
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...